IE 11 is not supported. For an optimal experience visit our site on another browser.

U.S. indicts three North Koreans in massive WannaCry, Sony hacks

Authorities think the attack was retaliation for Sony's “The Interview,” a Seth Rogen/James Franco comedy that ridiculed North Korean dictator Kim Jong Un.
Image: North Korean leader Kim Jong Un visits a drill of long-range artillery sub-units of the Korean People's Army, in North Korea
North Korean leader Kim Jong Un visits a drill of long-range artillery sub-units of the Korean People's Army, in North Korea on March 2, 2020.KCNA / Reuters

LOS ANGELES - Three North Koreans have been indicted in the crippling 2014 Sony Pictures Entertainment hack and a wide-ranging scheme to steal and extort more than $1 billion in cash and cryptocurrency from banks and companies based across the globe, federal prosecutors said Wednesday.

The indictment comes more than two years after prosecutors filed charges against one of the men, Park Jin Hyok, a computer programmer working for North Korea’s military intelligence team, who was allegedly part of a team of hackers who helped carry out the cyberattack on Sony. The attack erased a vast trove of data, divulged confidential emails among top Hollywood executives and forced the company offline until it could rebuild its computer network.

Authorities believe the motive for the attack was retaliation for Sony’s production of the 2014 film “The Interview,” a comedy starring Seth Rogen and James Franco that ridiculed North Korean dictator Kim Jong Un and included the portrayal of an assassination plot against him.

The indictment describes a vast and multilayered scheme that went well beyond the Sony attack, targeting international banks and cryptocurrency companies. The defendants deployed malicious cryptocurrency applications and developed and fraudulently marketed a Blockchain platform, striking financial institutions and companies in multiple continents, prosecutors said.

"The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” acting U.S. Attorney Tracy L. Wilkison for the Central District of California said in a statement. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”

The 33-page indictment unsealed Wednesday charges Park, Jon Chang Hyok and Kim Il with criminal conspiracy, conspiracy to commit wire fraud and bank fraud.

Prosecutors said the defendants were part of North Korea’s military intelligence agency called the Reconnaissance General Bureau, or RGB. The agency was was headquartered in Pyongyang, but the trio traveled to and worked from other countries, including the People’s Republic of China and the Russian Federation, prosecutors said.

The indictment was made public two months after it was returned by a Los Angeles grand jury.

The prospect of any of the North Korean hackers facing justice in a U.S. court is remote at best given their role in the regime.

As part of the alleged scheme, the defendants sought to steal more than $1.2 billion in banks from multiple countries including Vietnam, Mexico and Malta, the indictment says. They also stole tens of millions of dollars' worth of cryptocurrency, including $75 million from a Slovenian cryptocurrency company and $11.8 million from a financial services company in New York, according to the indictment. They are also accused of carrying out the WannaCry 2.0 ransomware attack in 2017.

“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than masks and guns, are the world’s leading 21st century nation-state bank robbers,” said assistant Attorney General John Demers.

The Justice Department also announced Wednesday that a Canadian-American man agreed to plead guilty in a money laundering scheme connected to the hackers.

Ghaleb Alaumary, 37, of Ontario, admitted to being a “high-level” money launderer for multiple criminal schemes including ATM “cash out” operations and a cyber related bank heist orchestrated by North Korea, prosecutors said.

Alaumary could not immediately be reached for comment. His attorneys did not immediately respond to a request for comment.

The scope of the cyberassaults allegedly carried out by Park and his fellow North Korean hackers “is virtually unparalleled,” federal investigators said in the 2018 criminal complaint filed in Los Angeles. The hacks hit hundreds of thousands of computers around the world and causing serious damage at entertainment companies, hospitals and defense contractors over several years,

The WannaCry 2.0 ransomware attack in 2017 struck computers in more than 150 countries, temporarily crippling the computer system of Britain’s public health care service. At the time, National Health Service staff had to delay operations and appointments while doctors used pen and paper until the computer network was restored. The malicious software also hit Germany’s railways and Russia’s interior ministry.