The Justice Department announced cyber hacking charges against a North Korean national linked to the computer hacking of Sony in 2014, the WannaCry ransomware attack, and other significant cyber intrusions in a criminal complaint unsealed Thursday.
North Korea has been linked to some of the most high-profile cyberattacks in recent years, and its hack on Sony Pictures Entertainment lead the Obama administration to impose economic sanctions against the country’s government agencies and senior officials.
Thursday’s announcement marks the first time US prosecutors have brought criminal charges against an official associated with the Sony breach and other attacks, with the DOJ targeting North Korean computer programmer Park Jin Hyok.
A Justice Department official said there has been no communication with the North Korean government about Park or any efforts to capture him.
The 172-page complaint, which includes one count of conspiracy to commit computer fraud and one count of conspiracy to commit wire fraud, was filed in Los Angeles federal court on June 8, but Justice officials declined to say why it was unsealed Thursday. The officials did say, however, that the investigation is ongoing and while Park is the only individual charged at this time, the complaint makes clear that he worked with others.
“Today’s announcement demonstrates the FBI’s unceasing commitment to unmasking and stopping the malicious actors and countries behind the world’s cyberattacks,” said FBI Director Christopher Wray in a statement. “We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign.”
The allegations in the complaint describe a “wide-ranging, multi-year conspiracy (that) targeted computers belonging to entertainment companies, financial institutions, defense contractors, and others for the purpose of causing damage, extracting information, and stealing money.”
The Treasury Department also announced Thursday that it is sanctioning Park, “for having engaged in significant activities undermining cybersecurity through the use of computer networks or systems against targets outside of North Korea” on behalf of the government.
“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” Treasury Secretary Steven Mnuchin said in a statement. “The United States is committed to holding the regime accountable for its cyber-attacks and other crimes and destabilizing activities.”
Treasury said it was also sanctioning the entity Park worked for, Chosun Expo Joint Venture, also known as Korea Expo Joint Venture or KEJV, and said it was controlled by the government of North Korea.
The Justice and Treasury departments also linked Park to the February 2016 cyber-enabled fraudulent transfer of $81 million from Bangladesh Bank and the ransomware used in the May 2017 “WannaCry 2.0” cyber-attack, which encrypted data on Microsoft computers across the world and demanded ransom payments in Bitcoin cryptocurrency.
The Treasury announcement said that Park and his co-conspirators operated from “North Korea, China, and elsewhere to perpetrate these malicious activities.” Asked if any of Park’s attacks were launched from China by North Korea, a Justice Department official said, “there’s nothing in the complaint alleged on that.”