On Wednesday, U.S. officials said that was only the beginning.
In indicting three North Korean computer programmers for their involvement in the Sony hack and other attacks on global banking, financial, entertainment and cryptocurrency entities, the U.S. Justice Department accused them and a group of conspirators of extorting more than $1.3 billion of cash and cryptocurrency.
The attacks included the attempted theft of nearly $1 billion from the central bank of Bangladesh in 2016, and a year later, holding two Central American casinos hostage for more than $2.5 million in ransom, according to U.S. officials.
More recently, the group has focused on stealing cryptocurrencies, according to prosecutors. The hackers discreetly injected malicious software into their own line of digital currency applications, granting them access to the devices of their victims, which included cryptocurrency companies in Slovenia and Indonesia and an unnamed financial services firm in New York.
In all, the victims of the cryptocurrency scam lost more than $100 million, according to the U.S.
North Korea’s hackers “have become the world’s leading bank robbers,” said John Demers, head of the Justice Department’s National Security Devision. “Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars.”
The North Korean hackers were identified as Jon Chang Hyok, Kim Il and Park Jin Hyok. Other North Koreans allegedly involved in the conspiracy weren’t named. The indictment unsealed Wednesday expands on a criminal complaint charging Park in 2018 for his alleged involvement in a conspiracy to conduct multiple cyber-attacks, including the Sony hack.
In the face of global sanctions to punish it for its nuclear weapons program, North Korea has relied heavily on cybercrime to fill its depleted coffers. It had taken in about $2 billion in 2019 through the worldwide theft of resources from the financial sector, according to testimony to a U.S. House committee in June.
The alleged hacking campaign outlined on Wednesday was part of an elaborate operation aimed at collecting money for North Korea’s Reconnaissance General Bureau, a military intelligence agency.
Pyongyang uses the Reconnaissance General Bureau to run its cybercrimes, according to a United Nations Panel of Experts responsible for investigating North Korea’s sanctions evasion. The agency’s hacking units are known as Lazarus Group and APT38.
As the North Korean hackers targeted institutions around the globe, from Los Angeles to Malta to Taiwan, the victims were either forced to or unknowingly lured into paying to prop up the North Korean regime, Demers said.
“According to several Member States, as well as open-source reports, the Democratic People’s Republic of Korea continues to target virtual asset service providers (for example, cryptocurrency exchange houses) and financial institutions for the purpose of evading United Nations sanctions,” the UN Experts’ panel said in a report last year.
To help move their money, the North Koreans allegedly turned to a Canadian man, Ghaleb Alaumary, who’s accused of organizing teams to launder millions of dollars stolen from automated teller machines, the U.S. said. Their victims included Pakistan’s BankIslami and an Indian bank, according to prosecutors.