Three North Korean Hackers Indicted in Global Cybercrime Scheme

On Feb. 17, the Department of Justice released a newly unsealed indictment that charges three North Korean cyber operatives in connection with an alleged scheme to steal currency and commit cyberattacks on banks and businesses around the world. The indictment alleges that the men—Jon Chang Hyok, Kim Il and Park Jin Hyok—worked with other conspirators on behalf of Pyongyang's military intelligence agency in North Korea. It also alleges that the trio sometimes traveled to and worked from other countries, including China and Russia. The Justice Department alleges that defendants worked for North Korean military intelligence to engage in criminal hacking, often under the banner of cybercrime groups known as Lazarus Group and APT38.

The indictment alleges a broad campaign of criminal cyber activity. It describes “a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.” The attacks targeted the entertainment industry (including the Sony attack in 2014 which was conducted in retaliation for “The Interview”), banks, U.S. federal agencies and hundreds of other companies.

The indictment was filed on Dec. 8 in the U.S. District Court for the Central District of California. The three defendants remain at large.

You can read the indictment here or below: