US charges North Korean hacker with WannaCry and Sony hack

A North Korean programmer is accused of conducting cyber attacks on behalf of the government

USA Korea

The US Department of Justice has formally charged a North Korean government hacker with a series of major cyber attacks, including the Sony Pictures hack, the theft of $81 million from the Bangladesh Bank and the WannaCry ransomware.

The charges have been filed against North Korean programmer Park Jin Hyok, who the US claims was working as part of a North Korean government-backed hacking operation known commonly as Lazarus Group.

Park, who was educated at a North Korean university, spent a number of years employed by Chosun Expo Joint Venture, a company that is used as a front by the North Korean government and is allegedly used to fund a government cyber espionage division known as 'Lab 110'.

Advertisement - Article continues below

Through an elaborate network of dummy email addresses and social media accounts, network infrastructure paths and IP addresses, investigators say they have managed to link Park and a number of unnamed co-conspirators to key hacks - most notably, the WannaCry ransomware that temporarily crippled the NHS and caused global chaos.

Park and his colleagues were also linked to the 2014 attack on Sony Pictures, which saw caches of internal emails - as well as whole unreleased films - leaked online in retaliation for the release of Seth Rogen and James Franco's film The Interview, which mocks North Korean 'Supreme Leader' Kim Jong Un.

Advertisement - Article continues below

"The scope and damage of the computer intrusions perpetrated [by Park and his allies] is virtually unparalleled," said FBI Special Agent Nathan Shields as part of a sworn affidavit. "The attacks and intrusions described...would have each required the efforts of a well-resourced team of persons working in concert, each performing different tasks.

Advertisement - Article continues below

"The technical evidence... shows that those attacks and intrusions were carried out by a group of persons with access to the same email and social media accounts, computer infrastructure, and source code. Tracing connections back through the operational infrastructure reveals numerous connections between Park, his true-name email and social media accounts and the operational accounts used to conduct the cyber attacks."

While both the UK and the US have publicly blamed North Korea for unleashing WannaCry, this marks the first time that the US government has formally charged an operative of the Democratic People's Republic of Korea for hacking. It follows similar charges which have been levelled at Russian, Iranian and Chinese hackers over the last few years.

While it has no bearing on his own legal battle, the news has been greeted warmly by British malware researcher Marcus Hutchins. Hutchins was the one who discovered the 'kill-switch' that was built into WannaCry, effectively halting the malware's devastating spread.

Although the US government has not charged him with any involvement in the creation of WannaCry, the allegations that he was involved with the Kronos banking Trojan has led some to accuse him of being part of WannaCry as well.

"Law enforcement agencies and government officials around the world are challenged by the internet's invisible borders and its nameless perpetrators when it comes to pursuing or charging cybercriminals," said SonicWall CEO Bill Conner.

"While almost four years have passed since the communications giant sent notifications of its attacks, the U.S. Justice Department's actions are commendable and should serve as a reminder for consumers and organizations alike to remain vigilant."



cyber security

Hackers torn over how to adapt their tactics to the coronavirus pandemic

3 Apr 2020
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020

Most Popular

application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
flexible working

Why we’re lucky COVID-19 has come now

3 Apr 2020