Prosecutors unsealed an indictment on Wednesday charging three North Korean computer programmers with a criminal conspiracy to steal and extort $1.3 billion from financial institutions and companies in both cryptocurrency and cash.
The charges expand on the first case brought in 2018 against a North Korean regime-affiliated hacker tied to some of the nation’s most prominent alleged hacking campaigns, including the 2014 Sony attack, the 2016 Bangladesh bank heist and the 2017 WannaCry outbreak.
In a second unsealed case on Wednesday, a Canadian-American citizen pleaded guilty to serving as a money launderer for numerous schemes, including a cyber bank heist that North Korean hackers orchestrated.
“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said Assistant Attorney General John Demers of the Justice Department’s National Security Division.
The indictment of the three North Korean men — Jon Chang Hyok, Kim Il and Park Jin Hyok, the third of whom the DOJ targeted in 2018 — accuses them of working on behalf of North Korea’s Reconnaissance General Bureau, a military intelligence agency. And Canadian-American Ghaleb Alaumary pleaded guilty to aiding North Korean hackers’ cyber-assisted financial crimes.
Also Wednesday, the Department of Homeland Security, FBI and Treasury Department released an analysis of malware that the agencies said the North Korean government uses to steak cryptocurrency, dubbed “AppleJeus.”
Although officials briefing reporters on Wednesday said they couldn’t pinpoint how successful the hackers were in their attempts to steal nearly $1.3 billion, the indictment does allege cryptocurrency thefts of at least $112 million. Demers said the Justice Department seized and plans to return $2 million of that back to an unnamed New York-based financial services company.
DOJ’s tally of the attempted theft amount pertains only to the three men indicted. The U.N. in 2019 estimated that North Korea has stolen $2 billion via cyberattacks to fund its weapon of mass destruction program, and added to that figure in a more recent report.
“Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars,” Demers said.
And all the money laundering efforts blur the line between nation-state hackers and global criminal organizations, making putting the case together like solving a “1,000-piece puzzle,” said Jesse Baker, special agent in charge of the Los Angeles field office of the Secret Service.
Most recently, the hackers sought to steal from a bank in Malta in 2019, the indictment reads. But it also alleges ATM cash-outs via malware that in one case allowed the co-conspirators netted $6.1 million from a single bank.
“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” said Tracy Wilkinson, the acting U.S. Attorney for the Central District of California. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.”