N. Korean, Park Jin-Hyok Charged With Global Cyber Attacks

Founders Code

A North Korean suspect is wanted by U.S. authorities on suspicion of hacking. (Courtesy of the U.S. Federal Bureau of Investigation)


Federal prosecutors charged a North Korean man, Park Jin-Hyok, with crimes in connection with a series of costly cyber attacks around the globe, including the WannaCry ransomware attack in 2018, the heist of Bangladesh’s central bank in 2017, and the hack of Sony Pictures in 2014. It is the first time the Justice Department has explicitly charged a North Korean hacker backed by the government. Park was allegedly working as a programmer for a North Korean front company in China called Chosun Expo, which had ties to North Korea’s military intelligence.

Legal analysts say the complaint is the most detailed public accounting yet of North Korea’s cyber attacks against foreign adversaries. The Justice Department has now brought hacking-related charges against North Korea, China, Iran, and Russia.

(WSJ, NYT, Reuters, DOJ)

Park Jin Hyok, named by officials as a member of the so-called Lazarus Group hacking team behind last year’s WannaCry global ransomware attack and the 2014 digital attack on Sony, apparently used not only advanced technology but elaborate reconnaissance work to digitally steal money and sensitive information.

First, Park would obtain a number of email addresses of people affiliated with target businesses from traders dealing in large amounts of personal information. Then he would use the emails to gain an understanding of company employees’ fields of interest and personal relationships.

That would let him craft emails that could pass as genuine messages from major companies in content and style, a tactic known as spear phishing. After spending some time building trust, he would send the malicious links to websites that would infect a target’s computer.

In one case, Park apparently masqueraded as a human resources official at a U.S. defense-linked company to exchange messages with workers at one of the company’s competitors.

Last week’s charges were said to be the first in years against a North Korean hacker related to high-profile attacks linked to the state. The attack on Sony came as the company was preparing to release a movie called “The Interview,” which depicted the assassination of a character resembling North Korean leader Kim Jong Un. The group also allegedly stole $81 million from the central bank of Bangladesh in 2016.

“We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign,” Christopher Wray, director of the Federal Bureau of Investigation, said in a statement on Sept. 6.

The U.S. Treasury also imposed sanctions on Park and a Chinese business he was affiliated with. “We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” Treasury Secretary Steven Mnuchin said in his own statement.

Under Kim, the North has consolidated its cyber forces under its Reconnaissance General Bureau, which handles overseas spying. The state has a team of 6,800, according to the South Korean government, and is counted as one of the five cyber powers along with the U.S., Russia, China and Israel.

The core of cyber operations is a team known as “Bureau 121,” established in 1998 by Kim’s father, then-leader Kim Jong Il. Bureau 121 is known for its willingness to commit crimes for the sake of bringing in cash.

“The technology behind North Korea’s cybercrimes is some of the most advanced in the world,” said a source with the U.S. State Department.

Governments and businesses around the world are hurrying to guard themselves from the North’s attacks even as its methods grow more sophisticated. Further cooperation between countries’ cyberdefense authorities may be key to finding effective solutions.

British Airways: The airline said a “very sophisticated” hacker stole credit card details of hundreds of thousands of its customers in recent days. Anyone who lost out financially as a result of the breach would be compensated, BA officials said. (Reuters)

JPMorgan Hacker: A Russian man, Andrei Tyurin, has been extradited by Georgia to the United States on charges that he participated in the 2014 hack of JPMorgan Chase and other U.S. companies. (Reuters)

Speak Your Mind