The Justice Department announced charges Wednesday against three North Korean hackers for allegedly conducting a series of destructive cyberattacks, computer-enabled bank thefts and cryptocurrency heists around the world.
Prosecutors say the defendants — Jon Chang Hyok, Kim Il and Park Jin Hyok — are members of North Korea’s military intelligence agency known as the Reconnaissance General Bureau. They face charges of conspiracy to commit computer fraud and conspiracy to commit wire and bank fraud.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading 21st century nation-state bank robbers,” said John Demers, the assistant attorney general for national security.
According to the indictment, the three men attempted to steal and extort more than $1.3 billion in cash and cryptocurrency from their victims.
The indictment builds on a 2018 case that charged Park for his alleged role in the cyberattack against Sony Pictures, the theft of $81 million from Bangladesh’s central bank and other computer intrusions.
Wednesday’s indictment adds the two new defendants, Jon and Kim, as well as more victims of their alleged heists and extortion schemes.
Demers said the case highlights the North Korean government’s use of cyberattacks and other schemes as a means to earn money.
“The regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars,” Demers said.
“What we see almost uniquely out of North Korea is trying to raise funds through illegal cyber activity,” he added. “Their need as a country is for currency because of their economic system and the sanctions placed on them, so they use their cyber capabilities to get currency however they can do that.”
According to the indictment, the defendants are responsible for some of the most damaging cyberattacks ever, including the hack of Sony Pictures Entertainment, the cyber-heist of $81 million from the Bank of Bangladesh, and the WannaCry 2.0 attack.
The indictment says the computer breaches often began with spear-phishing emails containing malware that gave the hackers access to their victims’ computer systems.
The defendants’ alleged victims include banks in Mexico, Malta, Pakistan, Poland, the Philippines, Vietnam and the United States, as well as cryptocurrency companies in Europe and Asia and online casinos in Central America.
The indictment alleges three new schemes.
One of them is known as an ATM cash-out, in which malware installed on a bank’s computer allows the hackers to make large, fraudulent cash withdrawals from the institution’s ATMs. The indictment alleges the defendants orchestrated $6.1 million in withdrawals through this scam.
Officials also announced Wednesday that a Canadian-American citizen, 37-year-old Ghaleb Alaumary, has agreed to plead guilty in a money laundering scheme, including the North Korean ATM cash-out operation.
The defendants also are accused of conspiring to create a digital token called “Marine Chain Token,” which the indictment says would allow investors to buy ownership stakes in marine shipping vessels.
The defendants and their conspirators allegedly used false names to dupe investors and raise funds for the platform, which prosecutors say was really a means to evade U.S. sanctions and generate funds for the North Korean government.