US charges North Korean hacker with WannaCry and Sony hack

A North Korean programmer is accused of conducting cyber attacks on behalf of the government


The US Department of Justice has formally charged a North Korean government hacker with a series of major cyber attacks, including the Sony Pictures hack, the theft of $81 million from the Bangladesh Bank and the WannaCry ransomware.

The charges have been filed against North Korean programmer Park Jin Hyok, who the US claims was working as part of a North Korean government-backed hacking operation known commonly as Lazarus Group.

Park, who was educated at a North Korean university, spent a number of years employed by Chosun Expo Joint Venture, a company that is used as a front by the North Korean government and is allegedly used to fund a government cyber espionage division known as 'Lab 110'.

Through an elaborate network of dummy email addresses and social media accounts, network infrastructure paths and IP addresses, investigators say they have managed to link Park and a number of unnamed co-conspirators to key hacks - most notably, the WannaCry ransomware that temporarily crippled the NHS and caused global chaos.

Park and his colleagues were also linked to the 2014 attack on Sony Pictures, which saw caches of internal emails - as well as whole unreleased films - leaked online in retaliation for the release of Seth Rogen and James Franco's film The Interview, which mocks North Korean 'Supreme Leader' Kim Jong Un.

"The scope and damage of the computer intrusions perpetrated [by Park and his allies] is virtually unparalleled," said FBI Special Agent Nathan Shields as part of a sworn affidavit. "The attacks and intrusions described...would have each required the efforts of a well-resourced team of persons working in concert, each performing different tasks.

"The technical evidence... shows that those attacks and intrusions were carried out by a group of persons with access to the same email and social media accounts, computer infrastructure, and source code. Tracing connections back through the operational infrastructure reveals numerous connections between Park, his true-name email and social media accounts and the operational accounts used to conduct the cyber attacks."

While both the UK and the US have publicly blamed North Korea for unleashing WannaCry, this marks the first time that the US government has formally charged an operative of the Democratic People's Republic of Korea for hacking. It follows similar charges which have been levelled at Russian, Iranian and Chinese hackers over the last few years.

While it has no bearing on his own legal battle, the news has been greeted warmly by British malware researcher Marcus Hutchins. Hutchins was the one who discovered the 'kill-switch' that was built into WannaCry, effectively halting the malware's devastating spread.

Although the US government has not charged him with any involvement in the creation of WannaCry, the allegations that he was involved with the Kronos banking Trojan have led some to accuse him of being part of WannaCry as well.

"Law enforcement agencies and government officials around the world are challenged by the internet's invisible borders and its nameless perpetrators when it comes to pursuing or charging cybercriminals," said SonicWall CEO Bill Conner.

"While almost four years have passed since the communications giant sent notifications of its attacks, the U.S. Justice Department's actions are commendable and should serve as a reminder for consumers and organizations alike to remain vigilant."
