They are now on the FBI’s “most wanted” list. Three hackers belonging to North Korean military intelligence were indicted in the United States on Wednesday. They are accused in particular of having participated in the Sony Pictures hack in 2014, in the vast extortion campaign using the WannaCry ransomware in 2017, and in several cyber attacks targeting banks and the cryptocurrency industry in an attempt to steal around $1.3 billion.
Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36, belong to the elite group in Pyongyang that computer researchers have dubbed the “Lazarus group”. Within the FBI, it is known by the designation Advanced Persistent Threat 38, or APT 38.
“These North Korean agents, using computer keyboards rather than weapons, stealing computer wallets filled with cryptocurrency rather than bags filled with cash, are the number one bank robbers in the world,” commented Federal Attorney John Demers.
Bypass UN financial sanctions
The scale of their crimes is “staggering” and illustrates “the growing alliance between officials working for states and highly sophisticated pirates,” said Michael D’Ambrosio, a director of the Secret Service. The three agents are accused of having carried out these operations to obtain funds for their government, circumventing the UN sanctions that have dried up the Pyongyang regime's sources of income.
For at least seven years, according to the US authorities, they created malicious cryptocurrency applications that opened “backdoors” (illegitimate access) in targeted computers, hacked into companies trading digital currencies like bitcoin, and developed a blockchain platform to evade sanctions and secretly raise funds.
The US Department of Justice does not specify the total sum the three men allegedly got their hands on. But during one operation in 2018, for example, they stole, according to the Justice Department, $6.1 million from ATMs of BankIslami in Pakistan after gaining access to its computer network. They also allegedly seized virtual currency exchanges in Slovenia and Indonesia and stole $11.8 million from a New York exchange market.