Three North Korean Hackers of the Lazarus Group Indicted by the U.S. DoJ

Last updated September 28, 2021
Written by: Bill Toulas, Cybersecurity Journalist

The U.S. Department of Justice has unsealed indictments against three North Koreans accused of launching numerous cyber-attacks against American entities since at least 2014. The group is believed to be supported by the North Korean state, so its motives were mostly geared towards cyber-espionage and operational disruption.

North Korean hackers, however, are also financially motivated, as we have discussed many times in the recent past. The DoJ believes that the three indicted persons are involved in the attempted theft of at least $1.2 billion.

The indicted persons are Jon Chang Hyok (31), Kim Il (27), and Park Jin Hyok (36), all members of the Reconnaissance General Bureau (RGB), an intelligence agency directly linked to the Democratic People’s Republic of Korea (DPRK). The specific hacking group they belong to is the notorious Lazarus Group, or APT38.

The schemes mentioned in the relevant announcement by the DoJ include the following:

The above is enough to lock the three hackers in prison for decades, but we do not expect them ever to set foot in the United States. There is no extradition treaty between North Korea and the United States, and these hackers are state-sponsored anyway. Keeping their identities secret and snatching them if they ever get to another country wouldn’t work either, as these hackers never leave North Korea.

The FBI has obtained seizure warrants for whatever cryptocurrency amounts could be confirmed as stolen by the three hackers, and already, about $1.9 million has been returned to their victims. That’s admittedly only a small portion of what the Lazarus group has stolen, but more may follow soon.


