President Joe Biden's administration has targeted North Korea and claimed it has a special department of hackers who are responsible for a "global campaign of criminality."
The US Justice Department unveiled an indictment on Wednesday, 17 February, against three North Koreans accused of being part of the secretive Reconnaissance General Bureau (RGB), which is better known among hackers and cybersecurity firms as the Lazarus Group, or APT 38.
The Americans claim North Korea, struggling under the weight of UN sanctions, launched a series of cyber attacks to steal money and cryptocurrency from financial institutions and individuals around the world using malware.
Assistant Attorney General John C. Demers said: "North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers."
All three of the men it has named - Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36, are believed to be in North Korea but Park was charged in absentia in 2018 with a cyber attack on Sony Entertainment four years earlier.
That attack was believed to have been carried out in revenge for Sony funding a Seth Rogen movie, The Interview, which poked fun at Kim Jong-un.
Park is also accused of creating the WannaCry 2.0 ransomware, which brought down the NHS computers and many other servers in 2017, and the theft of US$81 million from a bank of Bangladesh the previous year.
Acting US Attorney Tracy L. Wilkison for the Central District of California said: "The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering. The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime."
The Justice Department has also claimed the hackers targeted a British film production company, Mammoth Screen, after it produced a fictional TV series about an English nuclear scientist being taken prisoner in North Korea.
It is claimed between 2015 and 2019 the North Koreans attempted to steal US$1.2 billion from banks in Malta, Mexico, Taiwan, Vietnam and Bangladesh by sending fake SWIFT (Society for Worldwide Interbank Financial Telecommunication) messages.
The three North Koreans also developed fake cryptocurrency apps - Celas Trade Pro, World Bit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader and Ants2Whale - which allowed them to hack into people’s computers and steal personal information.
They are also accused of raiding digital currency exchanges in Slovenia and Indonesia and taking $11.8 million from a New York digital exchange.
North Korean Hackers Trying to Steal COVID-19 Vaccine Research: Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries'… https://t.co/XvSbqZ9xRH pic.twitter.com/yHmzCkpBb2— MI6ROGUE.COM® (@mi6rogue) December 24, 2020
Kim Il was identified by the Justice Department as the developer of the Marine Chain Token blockchain which was designed so that investors could buy shares in ships involved in international commerce.
The Justice Department claim the Marine Chain Token was designed to help Pyongyang avoid sanctions by disguising ship ownership identities, allowing shops to secretly export oil and other resources to North Korea.
A fourth man - Ghaleb Alaumary, from Mississauga in Canada - has pleaded guilty to one charge of acting as a money launderer for the North Koreans.
He allegedly hired a team of people to withdraw up to $6 million from BankIslami Pakistan ATMs which had been hacked by the North Koreans.
If the three North Koreans are ever caught and convicted in the US they could face up to 30 years in prison.
Relations between the US and North Korea warmed up when Donald Trump first became President and he even met Kim Jong-un at a summit in Vietnam in 2019.
But by last year relations had become frosty again with North Korean foreign minister Ri Son Gwon saying Washington remained a "long term threat" to the Democratic People’s Republic of Korea.
US State Department spokesman Ned Price said the Biden administration was reviewing how to deal with Pyongyang and said it "will take into account the totality of the malign activity and the threats that are emanating from North Korea.”
"Most frequently we speak of North Korea's nuclear and ballistic missile program, but of course, its malicious cyber activity is something we are carefully evaluating and looking at as well," he said.