North Korean Regime-Backed Programmer Faces 25 Years In Prison, Conspiracy Charges For Worldwide Destructive Cyber Attacks
Photo: Park Jin Hyok (Reuters)
LOS ANGELES – Park Jin Hyok (박진혁; aka Jin Hyok Park and Pak Jin Hek), a North Korean citizen, was criminally charged for conspiracy to conduct multiple destructive cyberattacks around the globe. The U.S. Dept. of Justice announced Thursday that massive amounts of computer hardware damage, and extensive loss of data, money and other resources (the “Conspiracy”) resulted.
Park is part of a North Korean hacking team responsible for Global WannaCry 2.0 Ransomware, destructive cyberattack on Sony Pictures, and Central Bank cybertheft in Bangladesh. The Conspiracy’s methods reportedly included spear-phishing campaigns, destructive malware attacks, exfiltration of data, theft of funds from bank accounts, ransomware extortion, and propagating “worm” viruses to create botnets.
Park was a computer programmer who worked for over a decade for Chosun Expo Joint Venture (aka Korea Expo Joint Venture or “KEJV ”). Offices are in China and the DPRK, and are affiliated with Lab 110, a component of DPRK military intelligence.
Attorney General Jeff Sessions and FBI Director Christopher A. Wray announced the charges along with –
- Assistant Attorney General for National Security John C. Demers;
- First Assistant United States Attorney for the Central District of California Tracy Wilkison;
- and Assistant Director in Charge Paul D. Delacourt of the FBI’s Los Angeles Field Office.
The complaint alleges that Park was a member of the government-sponsored “Lazarus Group,” a private-sector known hacking team. Park worked at a North Korean government front company to support the DPRK government’s malicious cyber actions.
“The complaint charges members of this North Korean-based conspiracy with being responsible for cyberattacks that caused unprecedented economic damage and disruption to businesses in the United States and around the globe,” said First Assistant United States Attorney Tracy Wilkison.
Subsequently, FBI and federal prosecutors employed sophisticated means to trace the attacks back to the source. Then they mapped their commonalities and discovered similarities among various programs used to infect worldwide networks and generate illicit revenues in violation of U.S. sanctions.
Similarly, Treasury Secretary Steven Mnuchin announced today that the Dept. of the Treasury’s Office of Foreign Assets Control (OFAC) designated Park and KEJV under Executive Order 13722 based on the malicious cyber and cyber-enabled activity outlined in the criminal complaint.
“The scale and scope of the cyber-crimes alleged by the Complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” said Assistant Attorney General Demers. “The Complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage.
As a result, the conspiracy’s malicious activities include –
- the creation of malware used in the 2017 WannaCry 2.0 global ransomware attack;
- the 2016 theft of $81 million from Bangladesh Bank;
- the 2014 attack on Sony Pictures Entertainment (SPE);
- numerous attacks/intrusions on the entertainment, financial services, defense, technology, and virtual currency industries, academia, and electric utilities.
Consequently, Park faces one count of conspiracy to commit computer fraud and abuse. This charge carries maximum sentence is five years in prison. Also, one count of conspiracy to commit wire fraud, with a maximum sentence of 20 years in prison.
Said Wilkison, “These charges send a message that we will track down malicious actors no matter how or where they hide. We will continue to pursue justice for those responsible for the huge monetary losses and attempting to compromise the national security of the United States.”
This “demonstrates the FBI’s unceasing commitment to unmasking and stopping the malicious actors and countries behind the world’s cyberattacks,” said FBI Director Christopher Wray. “We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign. This group’s actions are particularly egregious as they targeted public and private industries worldwide. (They stole) millions of dollars, threatening to suppress free speech, and crippling hospital systems. We’ll continue to identify and illuminate those responsible for malicious cyberattacks and intrusions, no matter who or where they are.”