Federal authorities charged three North Korean intelligence operatives for their alleged roles in a global hacking campaign targeting more than $1.2 billion in cash and crypto-currencies from financial institutions and other entities, according to a indictment unsealed Wednesday.
The U.S. case, targeting members of North Korea’s military intelligence unit known as the Reconnaissance General Bureau, represents a broad expansion of an investigation initially made public more than two years ago, involving the 2014 cyberattack against Sony Pictures and AMC Theaters in retaliation for the movie “The Interview,” which depicted a fictional assassination of the North Korean leader.
Assistant Attorney General John Demers, chief of the Justice Department’s National Security Division, described the operation as “a criminal syndicate with a flag” representing the North Korean government.
The expanded investigation unveiled Wednesday also produced separate charges against a Canadian-American citizen who has agreed to plead guilty to helping the North Korean operatives launder millions of dollars in stolen funds, authorities said.
Ghaleb Alaumary, 37, of Mississauga, Ontario, Canada, was described as a “prolific” money launderer for the North Koreans engaged in so-called ATM cash-out schemes. In those cases, hackers use cloned bank cards to max-out targeted accounts.
Prosecutors said Alaumary organized teams of associates in the United States and Canada to launder millions of dollars obtained in the ATM operations.
The North Korean operatives were identified as Park Jin Hyok, 36; Jon Chang Hyok, 31; and Kim Il, 27.
Park Jin Hyok was previously charged in the 2018 case.
As members of the North Korean intelligence units, prosecutors said the suspects were at times stationed in China, Russia and other countries. And their hacking units were sometimes referred to as the Lazarus Group and APT38.
“The indictment alleges that these groups engaged in a single conspiracy to cause damage, steal data and money, and otherwise further the strategic and financial interests of the (North Korean) government and its leader, Kim Jong Un,” prosecutors said.
Each of the North Korean suspects is charged with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire and bank fraud. All three are still believed to be in North Korea.
While it is unlikely that they will ever face the charges in the U.S., officials said it was nonetheless important to file the charges in part to educate the public about the group’s malicious activities, identify them so that they can no longer operate in anonymity and demonstrate American commitment to its allies.
“We continue to shine a light on the global campaign of criminality being waged by the DPRK,” Demers said. “Nation-state indictments like this are an important step in identifying the problem, calling it out in a legally rigorous format, and building international consensus.”