
Three North Korean military hackers indicted in scheme to commit cyberattacks

February 18, 2021
A federal indictment charged three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.

The hacking indictment filed in the U.S. District Court in Los Angeles alleges that Jon Chang Hyok (전창혁), 31; Kim Il (김일), 27; and Park Jin Hyok (박진혁), 36, were members of units of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic People’s Republic of Korea (DPRK), which engaged in criminal hacking. These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38). Park was previously charged in a criminal complaint unsealed in September 2018. 

The indictment alleges a broad array of criminal cyber activities undertaken by the conspiracy, in the United States and abroad, for revenge or financial gain. The schemes alleged include:

  • Cyberattacks on the Entertainment Industry: The destructive cyberattack on Sony Pictures Entertainment in November 2014 in retaliation for “The Interview,” a movie that depicted a fictional assassination of the DPRK’s leader; the December 2014 targeting of AMC Theatres, which was scheduled to show the film; and a 2015 intrusion into Mammoth Screen, which was producing a fictional series involving a British nuclear scientist taken prisoner in DPRK.
  • Cyber-Enabled Heists from Banks: Attempts from 2015 through 2019 to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa by hacking the banks’ computer networks and sending fraudulent Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages.
  • Cyber-Enabled ATM Cash-Out Thefts: Thefts through ATM cash-out schemes – referred to by the U.S. government as “FASTCash” – including the October 2018 theft of $6.1 million from BankIslami Pakistan Limited (BankIslami).
  • Ransomware and Cyber-Enabled Extortion: Creation of the destructive WannaCry 2.0 ransomware in May 2017, and the extortion and attempted extortion of victim companies from 2017 through 2020 involving the theft of sensitive data and deployment of other ransomware.
  • Creation and Deployment of Malicious Cryptocurrency Applications: Development of multiple malicious cryptocurrency applications from March 2018 through at least September 2020 – including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale – which would provide the North Korean hackers a backdoor into the victims’ computers.
  • Targeting of Cryptocurrency Companies and Theft of Cryptocurrency: Targeting of hundreds of cryptocurrency companies and the theft of tens of millions of dollars’ worth of cryptocurrency, including $75 million from a Slovenian cryptocurrency company in December 2017; $24.9 million from an Indonesian cryptocurrency company in September 2018; and $11.8 million from a financial services company in New York in August 2020 in which the hackers used the malicious CryptoNeuro Trader application as a backdoor.
  • Spear-Phishing Campaigns: Multiple spear-phishing campaigns from March 2016 through February 2020 that targeted employees of United States cleared defense contractors, energy companies, aerospace companies, technology companies, the U.S. Department of State, and the U.S. Department of Defense.
  • Marine Chain Token and Initial Coin Offering: Development and marketing in 2017 and 2018 of the Marine Chain Token to enable investors to purchase fractional ownership interests in marine shipping vessels, supported by a blockchain, which would allow the DPRK to secretly obtain funds from investors, control interests in marine shipping vessels, and evade U.S. sanctions.

According to the allegations, the three defendants were members of units of the RGB who were at times stationed by the North Korean government in other countries, including China and Russia. While these defendants were part of RGB units that have been referred to by cybersecurity researchers as Lazarus Group and APT38, the indictment alleges that these groups engaged in a single conspiracy to cause damage, steal data and money, and otherwise further the strategic and financial interests of the DPRK government and its leader, Kim Jong Un.

Kevin Dunne, President at Flemington, New Jersey-based Greenlight, says, "This indictment reminds us that whenever there are important financial or informational assets available, bad actors will undoubtedly find creative ways to gain access to the systems where they reside. Typically, the greater the number of digital assets you have at risk, the greater the reward for bad actors, explaining why many large multi-national corporations were a prime target of these attacks. Any company with valuable digital assets at risk needs to operate with the mindset that bad actors will gain access to their systems at some point. Companies should invest in a comprehensive approach to implement Zero Trust security, therefore limiting the damage hackers can cause once they gain access."

Tim Wade, Technical Director, CTO Team at San Jose, Calif.-based Vectra, explains, “This recent indictment further underscores that private sector organizations in numerous verticals have been, and will continue to be, targeted by nation state actors whose resources to attack may exceed their resources to defend. As such, attempting to play a symmetrical game of preventative controls against an asymmetrical adversary is a losing proposition. The key for modern network defenders is evolution past prevention objectives into strategic resilience objectives – where the balance tips back in the favor of the defender by focusing on cost-effectively diminishing impact through broadening detection, response, and recovery capabilities.”

Copyright ©2023. All Rights Reserved BNP Media.
