The US Department of Justice has brought new charges against North Korea’s state-sponsored military hacking group, Lazarus.
The new indictment expands the charges initially brought against Park Jin Hyok, a North Korean military hacker who was charged by the US in September 2018 for his involvement in the Sony hacks, WannaCry ransomware attacks, and bank cyber-heists.
The new indictment also charges two additional North Korean hackers, Jon Chang Hyok, 31, and Kim Il, 27.
According to US officials, the three hackers are members of units of the Reconnaissance General Bureau (RGB), a North Korean military intelligence agency, and took part in a worldwide hacking campaign that dates back to 2014 and includes:
- The hack of Sony Pictures Entertainment in 2014, in retaliation for the studio releasing The Interview movie.
- Cyber-heists at banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and across Africa. The group targeted the banks’ SWIFT money transfer systems to steal more than $1.2 billion in funds.
- ATM cash-out attacks using the FASTCash malware. The group managed to steal $6.1 million from Pakistan’s BankIslami in October 2018.
- The WannaCry ransomware outbreak of May 2017.
- Creating and spreading malware-laced cryptocurrency apps that stole users’ funds. Examples include Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale.
- Hacks of cryptocurrency exchange portals. The group targeted hundreds of such entities and stole tens of millions of US dollars.
- Spear-phishing campaigns targeting US defense contractors, energy companies, aerospace companies, technology companies, the United States Department of State, and the United States Department of Defense.
- Creating a fake cryptocurrency company and releasing the Marine Chain Token. This scheme would have allowed users to purchase ownership of marine vessels via a cryptocurrency token, allowing the North Korean state to gain access to investor funds and bypass US sanctions.
US officials stated that some of the campaigns were conducted for intelligence collection, while many were criminal endeavors to raise funds.
Assistant Attorney General John Demers described the three hackers and the Lazarus Group as “the world’s leading bank robbers” and “a criminal syndicate with a flag.”
Later, the DOJ also charged a Canadian national named Ghaleb Alaumary for helping the Lazarus Group launder some of their stolen funds.
The accused was a prolific money launderer for hackers engaged in ATM cash-out schemes, cyber-enabled bank heists, business email compromise (BEC) schemes, and other online fraud schemes.
He allegedly organized crews of money launderers in the US and Canada to receive stolen funds and then relay the funds to other accounts under the hackers’ control.
This included laundering funds stolen from the BankIslami ATM cash-out attack, another ATM cash-out from an Indian bank that took place in 2018, and funds stolen from a Maltese bank in 2019.
Alaumary is the third money mule for North Korean hackers to be charged in the US, after the DOJ charged two Chinese nationals in March last year.
Image credit: Ars Technica