U.S. charges North Korean hacker for WannaCry, Sony cyber attacks
The U.S. government on Thursday charged and sanctioned a North Korean hacker for the 2014 Sony hack and the 2017 WannaCry global ransomware cyberattack, U.S. officials said.
The accused, Park Jin Hyok worked as part of a team of hackers, also known as the Lazarus Group, has been charged under the strategy planned by the U.S. government for naming and shaming the hackers in order to prevent future cyber attacks.
According to an FBI wanted poster released on Thursday, Park is identified as an alleged North Korean programmer who is accused of being “part of a state-sponsored hacking organization responsible for some of the costliest computer intrusions in history.”
Those attacks include the Sony Pictures Entertainment hack, the WannaCry attack and “a series of attacks targeting banks across the world that collectively attempted to steal more than one billion dollars,” according to the FBI.
The U.S. Treasury Department sanctioned Park, a computer programmer, and the North Korea entity, Chosun Expo Joint Venture, the company he worked for.
The Treasury said the joint venture, also known as Korea Expo Joint Venture, is “a front for the North Korean government,” according to the Justice Department.
“The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” said Assistant Attorney General for National Security John C. Demers.
“The complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage.”
Park is also suspected of trying to hack into Lockheed Martin’s THAAD Missile defense system project currently deployed in South Korea. He is suspected of working for North Korea’s Reconnaissance General Bureau, a leading intelligence agency of that country.
The complaint against Park describes a “wide-ranging, multi-year conspiracy to conduct computer intrusions and commit wire fraud by co-conspirators working on behalf of the government of the Democratic People’s Republic of Korea, commonly known as North Korea.”
In 2014, the U.S. officials said unnamed North Korean hackers were responsible for the cyber attacks launched on Sony, which resulted in the loss of internal documents and data.
The hack on Sony Pictures came after Pyongyang sent a letter to the United Nations demanding that the movie production house not move forward with the movie “The Interview,” that showed the North Korean dictator Kim Jong Un in a negative light.
Park exploited multiple social media personas by sending malicious links to individuals involved in the production of the movie, the complaint said. The malicious links carried North Korean-controlled malware.
In 2017, WannaCry ransomware made headlines as one of the most widespread cyber attacks in history that brought up to 3,00,000 computers running Windows operating system in 150 countries to a standstill. Among the victims were Britain’s National Health Service (NHS), which had to close emergency rooms in a number of hospitals due to the hack.
Federal prosecutors have charged Park, who is not in custody, with conspiracy and conspiracy to commit wire fraud.
The Treasury Department, in a press release, said, “North Korea has demonstrated a pattern of disruptive and harmful cyber activity that is inconsistent with the growing consensus on what constitutes responsible state behavior in cyberspace.”
“Our policy is to hold North Korea accountable and demonstrate to the regime that there is a cost to its provocative and irresponsible actions.”
John Demers, the Assistant Attorney General of the National Security Division, said on Thursday, “The department has charged, arrested and imprisoned hackers working for the governments of China, Russia, and Iran. Today, we add the North Korean regime to our list, completing frankly four out of four of our principal adversaries in cyberspace.”
This is the first time the U.S. law enforcement agencies have formally charged a hacker involved in the North Korean “sponsored” cyber attacks. However, North Korea has denied the allegations of hacking.