North Korean Charged in Sony Hack, WannaCry Attack

September 6, 2018 Updated: October 5, 2018

A North Korean programmer has been charged for involvement in cyberattacks including the 2014 hacking of Sony Pictures and the unprecedented 2017 ransomware attack dubbed “WannaCry 2.0.”

Park Jin Hyok, 34, was a member of the hacker team known as the Lazarus Group, linked to the North Korean communist regime, prosecutors allege. He worked for the Chosun Expo Joint Venture, a company with offices in North Korea and China and affiliated with North Korean military intelligence.

North Korean programmer Park Jin Hyok. (U.S. Department of Justice)

The Lazarus Group has been blamed for some of the most high-profile cyberattacks.

In 2014, the hackers allegedly attacked Sony Pictures Entertainment Inc. (SPE) in what was thought to be retaliation for the studio’s movie “The Interview,” a comedy that depicts the assassination of the North Korean leader.

“The conspirators gained access to SPE’s network by sending malware to SPE employees, and then stole confidential data, threatened SPE executives and employees, and damaged thousands of computers,” stated a Sept. 6 Justice Department (DOJ) release.

In February 2016, the group allegedly stole $81 million from Bangladesh Bank in a cyber heist that started with penetrating the bank’s computer network with spear-phishing emails. The group also gained access to other banks around the world in an attempt to steal at least $1 billion.

In 2016 and 2017, the group allegedly attacked U.S. defense contractors, including Lockheed Martin, with spear-phishing emails. The emails were designed to look like recruiter messages from other defense contractors. The attack was unsuccessful, the DOJ stated. Lockheed is the developer of the THAAD anti-ballistic missile system deployed in South Korea.

The Lazarus Group was also allegedly involved in the development of the WannaCry 2.0 ransomware and its two previous iterations.

In May 2017, the ransomware infected hundreds of thousands of computers. It encrypted data on the computers and demanded a payment in bitcoin to unlock the data. The attacks significantly affected National Health Service hospitals in England and Scotland, a Nissan auto plant in England, Spanish telecom operator Telefónica, U.S.-based courier company FedEx, and many others. The losses were estimated to reach into the hundreds of millions.

“We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign,” said FBI Director Christopher Wray in the release.

“This group’s actions are particularly egregious as they targeted public and private industries worldwide—stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems.

“We’ll continue to identify and illuminate those responsible for malicious cyberattacks and intrusions, no matter who or where they are.”

Park is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison.

The investigators went to great lengths to connect Park with the conspiracy, obtaining about 100 search warrants to access some 1,000 email and social media accounts. They also extended about 85 requests for evidence to foreign countries. The nearly 180-page criminal complaint against Park was filed on June 8 but was only unsealed on Sept. 6.

Park is unlikely to stand trial for the alleged crimes, since neither China nor North Korea is known to extradite suspects to the United States.

Follow Petr on Twitter: @petrsvab