US charges North Korean hacker with WannaCry and Sony hack

A North Korean programmer is accused of conducting cyber attacks on behalf of the government

USA Korea

The US Department of Justice has formally charged a North Korean government hacker with a series of major cyber attacks, including the Sony Pictures hack, the theft of $81 million from the Bangladesh Bank and the WannaCry ransomware.

The charges have been filed against North Korean programmer Park Jin Hyok, who the US claims was working as part of a North Korean government-backed hacking operation known commonly as Lazarus Group.

Park, who was educated at a North Korean university, spent a number of years employed by Chosun Expo Joint Venture, a company that is used as a front by the North Korean government and is allegedly used to fund a government cyber espionage division known as 'Lab 110'.

Through an elaborate network of dummy email addresses and social media accounts, network infrastructure paths and IP addresses, investigators say they have managed to link Park and a number of unnamed co-conspirators to key hacks - most notably, the WannaCry ransomware that temporarily crippled the NHS and caused global chaos.

Park and his colleagues were also linked to the 2014 attack on Sony Pictures, which saw caches of internal emails - as well as whole unreleased films - leaked online in retaliation for the release of Seth Rogen and James Franco's film The Interview, which mocks North Korean 'Supreme Leader' Kim Jong Un.

"The scope and damage of the computer intrusions perpetrated [by Park and his allies] is virtually unparalleled," said FBI Special Agent Nathan Shields as part of a sworn affidavit. "The attacks and intrusions described...would have each required the efforts of a well-resourced team of persons working in concert, each performing different tasks.

"The technical evidence... shows that those attacks and intrusions were carried out by a group of persons with access to the same email and social media accounts, computer infrastructure, and source code. Tracing connections back through the operational infrastructure reveals numerous connections between Park, his true-name email and social media accounts and the operational accounts used to conduct the cyber attacks."

While both the UK and the US have publicly blamed North Korea for unleashing WannaCry, this marks the first time that the US government has formally charged an operative of the Democratic People's Republic of Korea for hacking. It follows similar charges which have been levelled at Russian, Iranian and Chinese hackers over the last few years.

While it has no bearing on his own legal battle, the news has been greeted warmly by British malware researcher Marcus Hutchins. Hutchins was the one who discovered the 'kill-switch' that was built into WannaCry, effectively halting the malware's devastating spread.

Although the US government has not charged him with any involvement in the creation of WannaCry, the allegations that he was involved with the Kronos banking Trojan has led some to accuse him of being part of WannaCry as well.

"Law enforcement agencies and government officials around the world are challenged by the internet's invisible borders and its nameless perpetrators when it comes to pursuing or charging cybercriminals," said SonicWall CEO Bill Conner.

"While almost four years have passed since the communications giant sent notifications of its attacks, the U.S. Justice Department's actions are commendable and should serve as a reminder for consumers and organizations alike to remain vigilant."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021