US Charges N. Korean Man in Sony Hack, Other Attacks
U.S. prosecutors on Thursday announced charges against a North Korean computer programmer in connection with a series of cyberattacks in recent years, including the 2014 hacking of Sony Pictures Entertainment and a 2016 attack on the Bangladesh central bank.
Prosecutors identified the hacker as Park Jin Hyok, an alleged member of a hacking team known as the “Lazarus Group.” The group is accused of engaging in a “wide-ranging, multi-year conspiracy” to conduct computer intrusions and wire fraud around the world while operating out of North Korea, China and other countries.
The charges against Park were filed June 8 in the U.S. District Court for the Central District of California, four days before U.S. President Donald Trump met with North Korean leader Kim Jong Un during a historic summit in Singapore. The allegations come as the Trump administration seeks an agreement with the North Korean government to dismantle its nuclear weapons program.
Park, who faces charges of conspiracy to commit wire fraud and conspiracy to commit computer-related fraud, remains at large. The FBI issued a wanted poster that describes him as a North Korean citizen and seeks information about him. The Treasury Department announced sanctions against both Park and Chosun Expo in connection with the conspiracy.
“Today’s announcement demonstrates the FBI’s unceasing commitment to unmasking and stopping the malicious actors and countries behind the world’s cyberattacks,” FBI Director Christopher Wray said. “We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign.
Assistant Attorney General John Demers called the scale of the cyberattacks “staggering and offensive.”
The attack on Sony was widely believed to have been carried out in retaliation for the release of “The Interview,” a 2014 action comedy film that depicted a fictional assassination plot against Kim.
The complaint alleges that the hackers stole movies and other confidential information from Sony and rendered thousands of the company’s computers inoperable. Park is believed to have traveled back to North Korea shortly before the attack.
In the 2016 attack on Bangladesh Bank, the hackers stole $81 million in what is widely seen as the largest cyber theft from a financial institution.
More recently, the group was responsible for the ransomware used in the global cyberattack known as WannaCry 2.0 in 2017, according to the complaint.
The hacking group is accused of carrying out numerous other attacks on financial institutions, entertainment companies, defense contractors, virtual currency industries, academia and electric facilities in the United States, as well as countries in Europe, Asia, Africa, North America and South America.
The criminal complaint alleges that Park worked as a computer programmer for over a decade for Chosun Expo Joint Venture. The company is affiliated with Lab 110, a component of the North Korean military intelligence service, according to the complaint. In addition to performing legitimate programming work for paying clients, the Lazarus Group is accused of engaging in malicious cyberattacks.
Officials said the investigation into the group is ongoing.
In recent years, U.S. officials have singled out North Korea among the countries that pose growing cyberthreats to the U.S. In its annual Worldwide Threat Assessment report released in February, the Office of the Director of National Intelligence said Russia, China, Iran and North Korea “will pose the greatest cyberthreats to the United States during the next year.”
Jeff Seldin in Washington contributed to this story.