Cash-strapped North Korea allegedly employed hackers for years to steal $1.3 billion by relentlessly exploiting cryptocurrencies and use software to blackmail companies, said the Department of Justice in an indictment unsealed Wednesday in the U.S.
The indictment filed in the U.S. District Court in Los Angeles charges Jon Chang Hyok, Kim Il and Park Jin Hyok with hacking and related fraud estimated to have stolen the cash and cryptocurrencies over the past six years for North Korea.
The three are members of the Reconnaissance General Bureau, a North Korean military intelligence unit engaged in criminal hacking. Park was previously charged in a September 2018 criminal complaint with the cyberattack on Sony Pictures and the creation of the WannaCry ransomware.
The indictment accuses the men of deploying "multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform." The North Koreans are also accused of hacking banks and companies in more than a dozen countries as part of a conspiracy motivated by financial gain and revenge, said federal prosecutors.
North Korea's criminal moneymaking operations included developing malicious cryptocurrency apps and promoting a fraudulent initial coin offering in pursuit of digital cash.
The Justice Department also claims the North Korean hackers sent spear-phishing emails to employees at the State and Defense Departments and a host of U.S. technology companies in January and February 2020. The hackers are also alleged to have traveled to and worked from Russia and China.
"The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering," said Tracy Wilkinson, acting U.S. Attorney for the Central District of California,
"The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime."
The detailed indictment revealed the North Koreans from 2015 to 2019 appear to have stolen more than $1.2 billion from banks in Africa, Bangladesh, Malta, Mexico, Taiwan and Vietnam by breaking into their computer networks and sending fraudulent messages over the SWIFT bank messaging system.
The hackers are also accused of targeting hundreds of cryptocurrency companies and stealing tens of millions of dollars' worth of digital money. The indictment said a Slovenian cryptocurrency company lost $75 million in cryptocurrency. An Indonesian cryptocurrency company was defrauded out of $25 million in cryptocurrencies in September 2018 while a New York financial services firm that used the malicious CryptoNeuro Trader application lost $11.8 million.
The defendants also are accused of stealing $6.1 million from BankIslami Pakistan "and the extortion and attempted extortion of victim companies," said the DOJ.
The hackers deployed the fraudulent "Marine Chain Token," which allowed investors to buy fractional ownership interests in marine shipping vessels with blockchain technology. The token allowed North Korea to "secretly obtain funds from investors, control interests in marine shipping vessels, and evade U.S. sanctions."
