The Department of Justice (DoJ) said today it charged Park Jin Hyok, a North Korean citizen and computer programmer, for conspiring in several high-profile cyber attacks including the 2014 attack on Sony Pictures, the 2018 WannaCry 2.0 ransomware attacks, and the 2016 theft of $81 million from Bangladesh Bank.
According to a criminal complaint unsealed today, Park is facing charges for his “involvement in a conspiracy to conduct multiple destructive cyberattacks around the world resulting in damage to massive amounts of computer hardware, and the extensive loss of data, money, and other resources.”
According to the DoJ, Park is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison.
“Today’s announcement demonstrates the FBI’s unceasing commitment to unmasking and stopping the malicious actors and countries behind the world’s cyberattacks,” said FBI Director Christopher Wray in a statement.
“We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign. This group’s actions are particularly egregious as they targeted public and private industries worldwide–stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems. We’ll continue to identify and illuminate those responsible for malicious cyberattacks and intrusions, no matter who or where they are.”
In the complaint, DoJ–which worked with the FBI to investigate the crimes–alleges Park was part of a “government-sponsored hacking team” known to the private sector as the “Lazarus Group.” As a member of the group, Park worked for a North Korean government front company called Chosun Expo Joint Venture. The DoJ explained that the group’s attack methods included spear-phishing campaigns, destructive malware attacks, exfiltration of data, theft of funds from bank accounts, ransomware extortion, and propagating “worm” viruses to create botnets.
Among the group’s spear-phishing targets in 2016 and 2017 were U.S. defense contractors including Lockheed Martin, DoJ said.
The government’s charges received immediate bipartisan praise on Capitol Hill.
“This indictment is the result of years of hard work by the FBI and the Department of Justice, and it is an important step in making clear to our adversaries that these kinds of criminal activities are unacceptable,” Sen. Mark Warner, D-Va., vice chairman of the Senate Intelligence Committee, said in a statement. “It also points to the need for a clearly thought-out and articulated strategy for deterring and punishing state-sponsored cyberattacks.”
Sen. Ben Sasse, R-Neb, also offered praise for the charges, as well as criticism of the North Korean regime.
“It’s been four years since North Korea’s petty little despot hacked Sony Pictures because he didn’t like a movie that a free and open society produced,” the senator said. “It’s been a year and half since he launched a ransomware attack that hit hundreds of thousands of computers across the globe. Kim showed the world both how small he was and how capable his cyber soldiers can be. Cyberwar gives outsized opportunities to North Korea and it’s important to push back.”
Along with DoJ’s criminal charges, the Treasury Department announced that its Office of Foreign Assets Control designated Park and KEJV under Executive Order 13722 “based on the malicious cyber and cyber-enabled activity outlined in the criminal complaint.”
“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” Treasury Secretary Steven Mnuchin said in a statement. “The United States is committed to holding the regime accountable for its cyberattacks and other crimes and destabilizing activities.”