The Department of Justice announced charges Thursday against a North Korean spy in connection with the 2014 attack on Sony Pictures and the 2017 WannaCry ransomware attack.
Park Jin Hyok, a North Korean computer programmer, has been charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer-related fraud.
The U.S. government alleges that Park was operating under the front company “Chosun Expo” or the “Korean Expo Joint Venture,” in addition to activities conducted on behalf of North Korea’s Reconnaissance General Bureau.
The complaint says that alongside the attacks on Sony, Park was part of a group that also attacked AMC Theaters and U.K.-based independent production company Mammoth Screen around the same time as the Sony Pictures hack.
Additionally, the government alleges that Park was instrumental in attacks on defense contractor Lockheed Martin and the Bank of Bangladesh. The latter incident saw $81 million stolen through the bank’s connection to the SWIFT international communication network.
“The criminal conduct outlined in this case is intolerable,” said said First Assistant United States Attorney Tracy Wilkison at a press conference in Los Angeles. “These are criminal acts and we will prosecute those who commit them. We cannot expect citizens and companies to stand alone against the resources of a nation committing crimes.”
While Park is the only person named, the 179-page complaint lays out how the North Korean bureau attacked its various targets through spearphishing and watering hole attacks. Justice Department officials said the investigation into the RGB’s actions continues.
U.S. officials have previously pinned the Sony and WannaCry attacks to hackers working in connection with North Korea. The U.S. government publicly linked North Korea to WannaCry last December. Other governments and private cybersecurity companies linked the attacks to North Korea far prior to the U.S.’s public announcement.
In 2014, hackers successfully got Sony to pull “The Interview” from theaters after they dumped salacious internal communications and wiped Sony machines, crippling operations in the process. The movie depicted North Korean leader Kim Jong-Un dying in a crude fashion, upsetting the regime prior to release.
Both attacks were attributed to the Lazarus Group, which has long been connected to the North Korean regime. Aside from the two incidents tied to the complaint, the group has been connected to a number of other operations, including an attempt to hack foreign policy staffers tied to Hillary Clinton’s presidential campaign.
The complaint details how Park used a number of email addresses to conduct spearphishing campaigns on various targets. Officials said Park’s reuse of a number of email addresses was used to establish his identity.
The Justice Department has been charging hackers as a deterrence method in an effort to thwart hacking efforts from adversarial nation-states. In July, the department indicted 12 Russian intel officers in connection with 2016 hack at the Democratic National Committee. The department has also indicted hackers tied to China and Iran in the past 18 months.
Jeanette Manfra, the Department of Homeland Security’s top cybersecurity official, told reporters Thursday that the U.S. government’s public “naming and shaming” of foreign hackers, when coupled with other actions, has an effect in deterring that behavior.
“There are a lot of tools that the government has that we don’t talk publicly about that we also want to ensure that we’re using,” she said.
It’s very unlikely Park will ever see the inside of a U.S. courtroom. The U.S. government has no diplomatic relations with North Korea. Justice Department officials said they were not in contact with the country’s regime ahead of announcing the charges.
The U.S. Treasury also sanctioned Chosun Expo Joint Venture, preventing any entity that does business within the U.S. to conduct other business with Park or the group.
“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” said Treasury Secretary Steven Mnuchin. “The United States is committed to holding the regime accountable for its cyber-attacks and other crimes and destabilizing activities.”
You can read the full complaint below.
Sean Lyngaas contributed to this report.
[documentcloud url=”http://www.documentcloud.org/documents/4834226-2018-09-06-PARK-COMPLAINT-UNSEALED.html” responsive=true height=500]