The US Department of Justice (DoJ) accuses three North Koreans of stealing $1.3 billion in money and cryptocurrency through cyber attacks on banks, the entertainment industry, cryptocurrency companies and more. The accused are North Korean state hackers and members of units of the Reconnaissance General Bureau (RGB), a North Korean military intelligence service involved in cybercrime operations. These North Korean military hacking units are known by many names, including Lazarus Group and APT38 (Advanced Persistent Threat 38).
According to the DoJ, the three North Koreans took part in a large-scale criminal conspiracy to carry out a series of destructive cyber attacks, to steal more than $1.3 billion in money and cryptocurrency from financial institutions and companies, to create and deploy malicious software, and to develop a blockchain platform.
The three accused are Jon Chang Hyok, Kim Il and Park Jin Hyok. Park was also charged in September 2018 with involvement in a wide-ranging, multi-year conspiracy to conduct computer intrusions and commit fraud.
The Lazarus Group, tracked by the US as HIDDEN COBRA, targets high-profile organizations such as Sony Pictures Entertainment, as well as many banks worldwide.
According to BleepingComputer, the hacking campaign allowed the hackers to steal hundreds of millions of US dollars - about $140 million - by breaching the Bank of Bangladesh, the Bank of Chile and the World Bank of Taiwan.
The North Korean-backed hackers have been accused of many hacking operations, including:
- Cyber attacks on the entertainment industry: The destructive cyber attack on Sony Pictures Entertainment in November 2014, in retaliation for "The Interview", a film depicting a fictional assassination of the DPRK leader; related targeting in December 2014; and the targeting of the company producing a fictional series about a British scientist taken prisoner in the DPRK.
- Cyber attacks on banks: Attempts from 2015 to 2019 to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta and Africa by breaking into the banks' computer networks and sending fraudulent SWIFT (Society for Worldwide Interbank Financial Telecommunication) messages.
- Cyber attacks on ATMs: ATM thefts, including the theft of $6.1 million in October 2018 from the Pakistani Islamic bank BankIslami Pakistan Limited.
- Ransomware and extortion: Creation of the destructive WannaCry 2.0 ransomware in May 2017, and extortion and attempted extortion of victim companies from 2017 to 2020, involving the theft of sensitive data and the development of other ransomware.
- Creation and development of malicious cryptocurrency applications: Development of multiple malicious cryptocurrency applications from March 2018 to at least September 2020 - including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio and CryptoNeuro Trader - which gave the North Korean hackers a backdoor into the victims' computers.
- Targeting cryptocurrency companies and stealing cryptocurrencies: Targeting of hundreds of cryptocurrency companies and theft of tens of millions of dollars' worth of cryptocurrency, including $75 million from a Slovenian cryptocurrency company in December 2017, $24.9 million from an Indonesian cryptocurrency company in 2018, and $11.8 million from a financial services company in New York in August, where the hackers used the malicious CryptoNeuro Trader application as a backdoor.
- Spear-phishing campaigns: Multiple spear-phishing campaigns from March 2016 to February 2020, which targeted U.S. employees working in, among others, energy companies, aerospace companies, technology companies, the U.S. Department of State, and the U.S. Department of Defense.
The indictment alleges that the North Korean hackers aimed to "promote the strategic and financial interests of the DPRK government and its leader, Kim Jong Un, by causing damage as well as stealing data and money from organizations around the world."
The United Nations estimated in 2019 that North Korea had raised up to $2 billion from at least 35 cyber attacks targeting banks and cryptocurrency exchanges in more than a dozen countries.
Another 2019 United Nations report stated that hackers backed by the DPRK are believed to have been behind $571 million in financial losses.
These gains allow the North Korean regime to continue investing in its ballistic missile and nuclear programs, according to the DoJ.
Also in 2019, the US Treasury Department imposed sanctions on three North Korean hacking groups (Lazarus Group, Bluenoroff and Andariel) involved in channeling stolen financial assets to the North Korean government.