"A federal indictment unsealed today charges three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform," the DOJ said in a press release.
The three North Korean hackers Jon Chang Hyok, Kim Il, and Park Jin Hyok are members of a North Korean intelligence agency known as Reconnaissance General Bureau (RGB), the release said, adding that they were sometimes stationed in Russia and China.
The hackers allegedly stole $1.3 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa between 2015 to 2019, the release said.
The hackers are accused of engaging in ATM cash-out schemes, including the October 2018 theft of $6.1 million from BankIslami Pakistan Limited, according to the release. The hackers also allegedly created the WannaCry 2.0 ransomware in May 2017, the Justice Department added.
They also allegedly developed malicious cryptocurrency applications from 2018 to 2020, such as Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale – which would give the North Korean hackers access to the victims’ computers, the release said.
The hackers allegedly stole $75 million from a Slovenian cryptocurrency company in 2017, $24.9 million from an Indonesian cryptocurrency company in 2018, and $11.8 million from a financial services company in New York in 2020, according to the statement.
Moreover, between 2016 to 2020, the hackers allegedly launched spear-phishing campaigns targeting employees of US defence contractors, energy companies, aerospace companies, technology companies, the US Department of State, and the US Department of Defense.