Justice Department unseals new charges against North Korean hackers

Jenna McLaughlin
·National Security and Investigations Reporter
·3 min read

WASHINGTON — The Justice Department on Wednesday afternoon revealed new charges against three North Korean government computer hackers accused of conducting a range of cyberattacks around the world for over a decade, primarily aimed at enriching the leaders of the isolated regime and evading global sanctions.

According to the Justice Department, the hackers — Jon Chang Hyok, Kim Il and Park Jin Hyok — were working for North Korea’s military intelligence agency and were part of a group that carried out a series of high-profile crimes. The hackers’ alleged crimes include attempting to steal more than $1.3 billion in money and cryptocurrency, unleashing the destructive WannaCry 2.0 ransomware in 2017 and spear-phishing national security officials and government contractors.

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading 21st century nation-state bank robbers,” said John Demers, assistant attorney general for national security, during a press conference on Wednesday. “The department will continue to confront malicious nation-state cyberactivity with our unique tools and work with our fellow agencies and the family of norms-abiding nations to do the same.”

Additionally, the indictment said the North Korean hackers at times worked from locations in foreign countries, including China and Russia. Demers called on the governments in Beijing and Moscow to take action to prevent the malicious cyberactivity, which has affected businesses and entities around the world. “The time is ripe for Russia and China, as well as any other country whose entities or nationals play a role in the DPRK revenue-generation efforts, to take action,” he said.

Park Jin Hyok, Jon Chang Hyok and Kim Il. (FBI)
Park Jin Hyok, Jon Chang Hyok and Kim Il. (FBI)

Also on Wednesday, the Justice Department announced charges against a Canadian American, Ghaleb Alaumary, who has agreed to plead guilty to acting as a money launderer in multiple crimes, including “a cyber-enabled bank heist orchestrated by North Korean hackers.”

An official with the U.S. Secret Service, which alongside the FBI investigated Alaumary’s money-laundering activity, explained that North Koreans can make use of the funds only once they are converted from cryptocurrency to cash, at which point law enforcement has more options to track the funds' origins and destinations. Law enforcement has ramped up its investigations of criminals seeking funding via cryptocurrency in recent years, including its possible use by conspirators who took part in the Jan. 6 insurrection at the U.S. Capitol.

Simultaneously on Wednesday, multiple federal agencies published a joint cybersecurity advisory concerning malware used by North Korean actors and dubbed “AppleJeus.” According to the federal agencies, North Korean actors have created fake, malicious cryptocurrency trading platforms that, when downloaded, “facilitate theft of cryptocurrency.”

North Korean malicious cyberactivities, typically aimed at embarrassing critics and enriching Kim Jong Un’s regime despite global sanctions, have been a subject of interest to the U.S. government and private companies for a number of years and across both Democratic and Republican administrations. Particularly after North Korean hackers infiltrated Sony in 2014, dumping the private emails of the entertainment industry online, the national security bureaucracy has sought to investigate North Korea’s growing capacity to conduct cyberattacks.

North Korean leader Kim Jong Un attends a plenary meeting of the Workers' Party central committee in Pyongyang, North Korea in this photo supplied by North Korea's Central News Agency (KCNA) on February 10, 2021. (KCNA via Reuters)
North Korean leader Kim Jong Un at a meeting of the Workers' Party in Pyongyang on Feb. 10. (KCNA via Reuters)

When asked on Wednesday whether former President Donald Trump’s diplomatic engagement with North Korea deterred that country's behavior in any way, Demers said the Justice Department has not tried to make that correlation, but concluded that “the North Koreans overall have been fairly persistent in their engagement in these kinds of cybercrimes.”

Demers also said North Korea’s hunt for currency is driven by international sanctions targeting the regime and the country’s economic system.

“So they use their cyber capabilities to get currency wherever they can do that,” he said. “It’s not something we really see from actors in China and Russia or Iran.”

____

Read more from Yahoo News: