On September 6, 2018, the U.S. government announced the unsealing of a criminal complaint filed in the U.S. District Court for the Central District of California (Los Angeles) charging Park Jin Hyok (aka Jin Hyok Park and Pak Jin Hek), a North Korean citizen, with participating in a conspiracy to conduct multiple destructive cyberattacks around the world, resulting in damage to massive amounts of computer hardware and the significant loss of data, money and other resources.
According to the complaint, Park participated in a government-sponsored hacking team known as the “Lazarus Group” and worked for a North Korean government front company, Chosun Expo Joint Venture (aka Korea Expo Joint Venture or “KEJV”), to support the DPRK government’s malicious cyber actions.
The conspiracy’s malicious activities include the creation of the malware used in the 2017 WannaCry 2.0 global ransomware attack; the 2016 theft of $81 million from Bangladesh Bank; the 2014 attack on Sony Pictures Entertainment (SPE); and various other attacks or intrusions on the entertainment, financial services, defense, technology, and virtual currency industries, academia, and electric utilities.
Simultaneously, Treasury Secretary Steven Mnuchin announced that the Treasury’s Office of Foreign Assets Control (OFAC) designated Park and KEJV under Executive Order 13722 based on the malicious cyber and cyber-enabled activity alleged in the criminal complaint.
The complaint charges Park with one count of conspiracy to commit computer fraud and abuse, for which there is a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud, for which there is a maximum sentence of 20 years in prison.
Park was a computer programmer and worked for more than a decade for KEJV, which had offices in China and N. Korea. KEJV is affiliated with Lab 110, a part of N. Korean military intelligence. The conspiracy also engaged in malicious cyber activities, utilizing spear-phishing campaigns, destructive malware attacks, exfiltration of data, theft of funds from bank accounts, ransomware extortion, and propagating “worm” viruses to create botnets.
The complaint describes several of the conspiracy’s alleged malicious cyber activities, both successful and unsuccessful, in the U.S. and abroad, focusing in particular on four specific examples: in November 2014, the destructive attack on Sony Pictures Entertainment (SPE) in retaliation for the movie “The Interview”, a farcical comedy that depicted the assassination of the N. Korean leader; in February 2016, the theft of $81 million from Bangladesh Bank, in which the conspiracy accessed the bank’s computer terminals that interfaced with the SWIFT communication system and then sent fraudulently authenticated SWIFT messages directing the Federal Reserve Bank of NY to transfer funds from Bangladesh to accounts in other Asian countries; in 2016 and 2017, the targeting of various U.S. defense contractors, including Lockheed Martin, with spear-phishing emails; and in May 2017, a ransomware attack known as WannaCry 2.0 that infected hundreds of thousands of computers around the world, causing extensive damage, including significantly impacting the UK’s National Health Service.
In connection with the unsealing of the criminal complaint, the FBI and prosecutors furnished cybersecurity providers and other private sector partners detailed information on accounts used by the conspiracy in order to help these partners in their own independent investigative activities and disruptive efforts.
The current issue of the IELR will have a more comprehensive article on the case.