IOTW: The U.S. Department Of Justice Takes A Stand Against North Korean Hackers

Add bookmark

Seth Adler
02/26/2021

On February 17, The United States unsealed an indictment of three North Korean military hackers for their role in a decade-long cyber crime spree.

Facts

In 2014, The Interview was released in theaters. Starring James Franco and Seth Rogan, the premise of the comedy revolved around the assassination of Kim Jong Un. To say that the North Korean dictator was unpleased is an understatement. North Korean hackers belonging to the notorious hacking group Lazarus, formerly known as APT38, targeted Sony Pictures in an attempt to cancel the movie’s release. Later, AMC Theaters and other TV companies were spearfished in retaliation for airing the film. These pet project revenge hacks are a small sampling of the hacks performed by the state-sponsored group which has been terrorizing the globe for the past decade.

Last week on Wednesday, February 17 the U.S. charged Jon Chang Hyok, Kim Il, and Park Jin Hyok for their alleged involvement in the hacking spree that extorted millions of dollars—and a failed attempt at billions—through uniquely varied and creative schemes. Perhaps most famous was the WannaCry worm from 2017 that penetrated through a Windows OS vulnerability to brick computers, steal data, and implant ransomware. The damage from this first iteration of WannaCry was an estimated $4 billion globally.

Later in 2017 and throughout 2018, they pulled off a huge spear-phishing campaign that targeted cryptocurrency wallets through trojan horses disguised as legitimate cryptocurrency applications. They made off with $112 million. They also spearfished United States energy, tech, and aerospace enterprises as well as the U.S. government itself.

Related: 4 Ways To Defend The Enterprise From Nation-State Attacks

With Kim as the mastermind, the group also made their own cryptocurrency called Marine Chain aimed at investors. With fake names and motives, they pitched their idea as a way to invest in cargo ships enabled by blockchain. The motive of this particular scheme was to raise money for the North Korean government while simultaneously dodging international sanctions. It is unknown whether this campaign ever gained any footing, but it certainly goes to show the breadth and depth of the Lazarus thinktank.

Then there were the ATM cash-out schemes on and around October 2018 and the thwarted $1.2 billion extortion attempt that targeted banks in banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta and Africa. The extortion attempt involved massive network hacks viral malware communications that unleashed WannaCry 2.0 that stole the confidential information used for ransom.

Perhaps acting US attorney Tracy L. Wilkison said it best: “The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering, The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”

Related: Using The Totality Of Your Threat Intelligence Data

Now, at least on paper, indictments have been made. Park, Kim, and Jon face up to five years in prison for one count of conspiracy to commit computer fraud and abuse and an additional 30 years for one count of conspiracy to commit wire fraud and bank fraud. It is not likely that any of the three will ever be arrested and extradited. Instead, the indictment sends a message to North Korea and other adversaries that the United States isn’t afraid to hold these malicious actors accountable and, on a wider scale, the countries responsible through sanctions and other diplomatic means.

Additionally, the indictment serves as evidence that the United States is increasingly willing to punish cybercriminal actors; a move that was previously reserved for government hacks. Included in the indictment is the Sony hack and the cryptocurrency hack that only targeted American citizens. Hopefully, it will also also act as a deterrent for aiders and abettors.  Ghaleb Alaumary, of Ontario, Canada, agreed to plead guilty to one count of conspiracy to commit money laundering for his role in the cyber crime spree.

Read More: Incident Of The Week

RECOMMENDED