
The United States Department of Justice has charged three North Korean computer programmers with a range of cyber attacks that made headlines around the world.

The men – Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36 – are alleged to have been members of hacking units within North Korea’s military intelligence agency, the Reconnaissance General Bureau (RGB). Those units are commonly known in the security industry as the “Lazarus Group” or “APT38”, and are tasked with criminal hacking operations.

And – according to the DOJ – the men undertook a number of criminal cyber attacks at the behest of the North Korean regime, including:

  • The 2014 “Guardians of the Peace” hack of Sony Pictures, seemingly in retaliation for the studio’s production of “The Interview,” a comedy that depicted a CIA plot to assassinate North Korean leader Kim Jong-Un.
  • The 2017 WannaCry ransomware attack, which hit the UK’s National Health Service hard, as well as other ransomware attacks in the years since.
  • The creation and distribution of malicious cryptocurrency trading and wallet apps that gave the North Korean hackers a backdoor into victims’ devices.
  • The theft of millions of dollars’ worth of cryptocurrency from hacked exchanges and financial services companies.
  • Spearphishing attacks against targeted employees of United States energy companies, aerospace companies, technology companies, the US Department of State, and the Department of Defense.
  • Attempts to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa by infiltrating their networks and sending fraudulent messages via the SWIFT banking system.

The DOJ claims that although the men were working for North Korea, they were sometimes stationed in other countries, including Russia and China.

In addition to unsealing the charges against the three men, the FBI, US Department of Treasury, and Department of Homeland Security have issued a security advisory regarding a family of North Korean malware known as AppleJeus that poses as a variety of different cryptocurrency trading applications.

“North Korea has used AppleJeus malware posing as cryptocurrency trading platforms since at least 2018. In most instances, the malicious application — seen on both Windows and Mac operating systems — appears to be from a legitimate cryptocurrency trading company, thus fooling individuals into downloading it as a third-party application from a website that seems legitimate.”

The advisory goes on to explain that the attackers also use phishing, social networking, and social engineering attacks to trick users into downloading the malware.

The malicious cryptocurrency trading apps have carried names such as Celas Trade Pro, WorldBit-Bot, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale, although it would obviously be trivial for the attackers to rebrand them under new names.

Jon, Kim, and Park are charged by the Department of Justice with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud and bank fraud, which carries a maximum sentence of 30 years in prison.

Of course, as all three men are believed to work for the North Korean military it seems unlikely that they will ever have their day in court in America.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
