This is not a good week for North Korea’s Reconnaissance General Bureau, the country’s overseas intelligence agency. The U.S. Department of Justice, on Thursday, unsealed a criminal complaint charging Park Jin Hyok, a North Korean individual, with conspiracy “to conduct multiple destructive cyberattacks around the world.” Park was allegedly involved with the so-called Lazarus Group, the hacking team identified as the main perpetrator of the Sony Pictures Entertainment hack in 2014 associated with the release of the film The Interview, and, in 2017, the WannaCry 2.0 ransomware attack. The Interview depicted a plot to kill North Korean leader Kim Jong Un.
“Today’s announcement demonstrates the FBI’s unceasing commitment to unmasking and stopping the malicious actors and countries behind the world’s cyberattacks,” FBI Director Christopher Wray said in a statement released by the Department of Justice. “We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign. This group’s actions are particularly egregious as they targeted public and private industries worldwide – stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems. We’ll continue to identify and illuminate those responsible for malicious cyberattacks and intrusions, no matter who or where they are.”
The nearly two-hundred-page complaint offers the most detailed official U.S. statement on the nature of illicit North Korean cyber operations. It lists, for the first time, a range of IP addresses associated with North Korean offensive cyber operators and describes the methods used by the Reconnaissance General Bureau to strike overseas targets. The impressive detail in the complaint is likely part of an attempt by the United States to name-and-shame North Korean cyber operators and, in the process, demonstrate the extent of knowledge U.S. intelligence agencies have on North Korean cyber methods.
Park, who is charged with conspiracy, is the sole North Korean to be named by the Department of Justice. The efforts employed by Park and his collaborators “included spear-phishing campaigns, destructive malware attacks, exfiltration of data, theft of funds from bank accounts, ransomware extortion, and propagating ‘worm’ viruses to create botnets.” Park and his collaborators, in addition to targeting Sony Pictures Entertainment, targeted financial services companies, including Bangladesh Bank, which saw $81 million stolen in February 2016. They also targeted U.S. defense contractors, including Lockheed Martin.
The Department of Justice’s findings show that North Korean cyber activities caused “hundreds of millions, if not billions, of dollars’ worth of damage,” according to Assistant Attorney General John C. Demers. North Korean malware “indiscriminately affected victims in more than 150 other countries,” Demers added.