US charges North Korean hacker with WannaCry and Sony hack
A North Korean programmer is accused of conducting cyber attacks on behalf of the government
The US Department of Justice has formally charged a North Korean government hacker with a series of major cyber attacks, including the Sony Pictures hack, the theft of $81 million from the Bangladesh Bank and the WannaCry ransomware.
The charges have been filed against North Korean programmer Park Jin Hyok, who the US claims was working as part of a North Korean government-backed hacking operation known commonly as Lazarus Group.
Park, who was educated at a North Korean university, spent a number of years employed by Chosun Expo Joint Venture, a company that is used as a front by the North Korean government and is allegedly used to fund a government cyber espionage division known as 'Lab 110'.
Through an elaborate network of dummy email addresses and social media accounts, network infrastructure paths and IP addresses, investigators say they have managed to link Park and a number of unnamed co-conspirators to key hacks - most notably, the WannaCry ransomware that temporarily crippled the NHS and caused global chaos.
Park and his colleagues were also linked to the 2014 attack on Sony Pictures, which saw caches of internal emails - as well as whole unreleased films - leaked online in retaliation for the release of Seth Rogen and James Franco's film The Interview, which mocks North Korean 'Supreme Leader' Kim Jong Un.
"The scope and damage of the computer intrusions perpetrated [by Park and his allies] is virtually unparalleled," said FBI Special Agent Nathan Shields as part of a sworn affidavit. "The attacks and intrusions described...would have each required the efforts of a well-resourced team of persons working in concert, each performing different tasks.
"The technical evidence... shows that those attacks and intrusions were carried out by a group of persons with access to the same email and social media accounts, computer infrastructure, and source code. Tracing connections back through the operational infrastructure reveals numerous connections between Park, his true-name email and social media accounts and the operational accounts used to conduct the cyber attacks."
While both the UK and the US have publicly blamed North Korea for unleashing WannaCry, this marks the first time that the US government has formally charged an operative of the Democratic People's Republic of Korea for hacking. It follows similar charges which have been levelled at Russian, Iranian and Chinese hackers over the last few years.
While it has no bearing on his own legal battle, the news has been greeted warmly by British malware researcher Marcus Hutchins. Hutchins was the one who discovered the 'kill-switch' that was built into WannaCry, effectively halting the malware's devastating spread.
Although the US government has not charged him with any involvement in the creation of WannaCry, the allegations that he was involved with the Kronos banking Trojan has led some to accuse him of being part of WannaCry as well.
"Law enforcement agencies and government officials around the world are challenged by the internet's invisible borders and its nameless perpetrators when it comes to pursuing or charging cybercriminals," said SonicWall CEO Bill Conner.
"While almost four years have passed since the communications giant sent notifications of its attacks, the U.S. Justice Department's actions are commendable and should serve as a reminder for consumers and organizations alike to remain vigilant."
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now