The Justice Department has charged a North Korean computer programmer in major cyber crimes over the last four years, including the 2017 WannaCry ransomware attack and the 2014 Sony Pictures hack.
The DOJ said Thursday that it’s charged Jin Hyok Park, a North Korean computer programmer, with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud. The charges are related to a massive attack against Sony, the WannaCry ransomware that ensnared thousands of computers in hospitals, universities and banks, and an $81 million Bangladesh Bank heist in 2016.
The Sony attack was tied to the film The Interview, starring Seth Rogen and James Franco, a comedy that depicted an assassination attempt against North Korean leader Kim Jong-Un.
In retaliation, North Koreans pulled off one of the most damaging hacks on a US company, leaking thousands of emails between Sony executives, including personal information about employees and celebrities. That attack also crippled the company’s computer infrastructure.
The WannaCry attack locked up more than 300,000 computers in 150 countries, demanding that victims pay the ransom or risk losing access to their devices forever.
Park is not the only person accused in these major attacks, but his is the only name listed in the criminal complaint. DOJ officials said that Park didn’t act alone and that the investigation is still ongoing. Investigators said Park was working on behalf of the North Korean government.
“This is one of the most complex and longest cyber investigations that the department has conducted,” John Demers, assistant attorney general for national security, said Thursday.
The charges are the first US case against a North Korean hacker, as the nation continues to build up its cyberattack capabilities. Over the years, North Korea has created a powerful hacker army called the Lazarus Group. The US is often a major target of nation-state hackers, and the Justice Department has investigated and charged hackers from Russia, China and Iran as well.
Dmitri Alperovitch, co-founder of cybersecurity company Crowdstrike, called North Korea one of the “most aggressive nation-state actors in cyberspace.”
The criminal complaint said that Park was working in Dalian, China, for a front company called Korea Expo Joint Ventures, which was controlled by North Korea to make money for the nation’s hacking organization.
Shortly before the hack against Sony, Park returned to North Korea and began launching attacks against the company, according to the complaint. Using a network of aliases and email addresses, Park flooded inboxes at Sony Pictures, AMC Theaters and Mammoth Screen to intrude into their networks.
According to the Justice Department, he also used those same email addresses to pull off the $81 million heist from Bangladesh Bank. He also used those aliases to attack Lockheed Martin, a military contractor that works with both the US and South Korean governments.
Justice officials also found that Park allegedly used the same malware for attacks on both the Bangladesh Bank and Sony.
“This group’s actions are particularly egregious as they targeted public and private industries worldwide – stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems,” FBI director Christopher Wray said in a statement.
Along with other North Korean hackers, Park allegedly helped create the WannaCry ransomware, as well as two future versions of it that continued to spread, according to documents. Investigators found evidence in email exchanges linking the ransomware to Park and other North Korean hackers.
All three versions have similar coding, indicating that they had the same creator, according to the criminal complaint.
While it’s unlikely that any North Korean hacker would be extradited to face trial in the US, the Justice Department has used its “Name and Shame” strategy for multiple nation-state hackers.
“Their attacks have cost organizations all over the world tens of millions of dollars in damage,” Alperovitch said. “One of the most important steps taken towards achieving effective cyber deterrence is the attribution of these attacks and holding the perpetrators accountable, as we witnessed today by the announcement of the US Department of Justice.”
If arrested and found guilty, Park would face a maximum of 25 years in prison over his computer fraud and wire fraud charges.
The Treasury Department has also launched a series of sanctions against Park, as well as Korea Expo Joint Venture, the front company he claimed to work for.
“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” Treasury Secretary Steven Mnuchin said.
Sen. Mark Warner, a Democrat from Virginia, said Thursday’s indictment was an “important step in making clear to our adversaries that these kinds of criminal activities are unacceptable.”
Originally published at 8:14 a.m. PT.
Updated at 10 a.m. PT: To include details from the Justice Department’s indictment, at 10:11 a.m. PT: with details from the Treasury Department, at 10:20 a.m. PT: with remarks from the FBI.