US Charges North Korean Hacker For WannaCry, Sony Attacks

A photograph representing North Korea's military

The individual allegedly worked with a China-based group to carry out a string of attacks and bank heists, stealing £62m from Bangladesh’s central bank

The US government has formally charged and sanctioned a North Korean man allegedly linked to the North Korean government for a series of cyberattacks, including the 2017 WannaCry ransomware outbreak and the theft of millions from the Bank of Bangladesh in 2016.

The charges, unsealed on Thursday, were originally filed under seal on 8 June, days before a summit between the US president and North Korea’s leader.

The move is part of a strategy by the US government to name specific offenders in an effort to deter future cyberattacks.

The criminal complaint alleges that Park Jin Hyok carried out the attacks as part of a team known as the Lazarus Group under the auspices of North Korea’s government, although no North Korean officials are named.

north koreaGlobal damage

The group’s activities also included a damaging 2014 attack on Sony Pictures Entertainment and efforts to breach US businesses including Lockheed Martin. There was no evidence the Lockheed Martin attack was successful, the complaint said.

The US Treasury Department imposed sanctions against Park and Chosun Expo, the China-based front company he worked for.

An unnamed North Korean official denied the country was responsible for the attack on Sony in an interview with Voice of America, calling the allegation a “fabrication”.

North Korea has previously denied involvement in the WannaCry and Bangladesh Bank attacks.

The US has indicated in the past it blames North Korea for the incidents, but the US government said it was the first time a hacker had been formally charged for cybercrimes “sponsored” by North Korea.

“The department has charged, arrested and imprisoned hackers working for the governments of China, Russia and Iran,” said John Demers, the assistant attorney general of the National Security Division. “Today, we add the North Korean regime to our list, completing frankly four out of four of our principle adversaries in cyberspace.”

The UK also said last year it sees North Korea as responsible for WannaCry, which disrupted businesses worldwide and caused the cancellation of thousands of NHS appointments.


Bank heist

North Korean defectors last year also linked the country’s government to WannaCry and an attack on Bangladesh’s central bank, which resulted in the theft of $81 million (£62m).

In 2016, cybersecurity expert Mikko Hyppönen told London’s Infosec conference that the current world climate was similar to the nuclear arms race, except that a “fog of cyberwar” was making it difficult to tell who was doing what.

But he said it appeared likely that North Korea was involved in the Sony and Bangladesh Bank incidents.

“What we know for certain is that this is the first time in history that we have seen a nation state attack which is not done for espionage, spying or sabotage, but which is actually done for stealing money,” he said of the Bangladesh heist.

The Sony attackers were unusually aggressive, releasing large amounts of internal data, including complete email histories of staff, details on what stars were paid and the credit card details of then-Sony chief executive Michael Lynton.

The attack appeared to be in response to the planned release of “The Interview”, a comedy film about a CIA plot to assassinate North Korea’s leader, Kim Jong-un.

Data leaked by the attackers indicated the film’s overall budget of $44m included $74,000 for two tigers, their handlers and special “tiger accommodations”.