The Justice Department on Wednesday unsealed criminal charges against three North Koreans accused of attempting to hack and steal $1.3 billion in cryptocurrency and cash.
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, have become the world’s leading bank robbers,” said Assistant Attorney General for National Security John C. Demers. “The department will continue to confront malicious nation-state cyberactivity with our unique tools and work with our fellow agencies and the family of norms-abiding nations to do the same.”
Justice previously charged one North Korean programmer in other cybercrimes and charged him again alongside two other men, identified in an indictment as Jon Chang-hyok, Kim Il and Park Jin-hyok. The accused hackers were working on behalf of the Reconnaissance General Bureau, a military intelligence agency in North Korea, the department said.
The hackers’ victims live in the United States, particularly California, but also in Mexico, Pakistan, Poland, the United Kingdom and several other countries, according to the indictment. The cyberattacks involved a sophisticated spear-phishing campaign.
“The computer intrusions often started with fraudulent, spear-phishing messages — emails and other electronic communications designed to make intended victims download and execute malicious software (‘malware’) developed by the hackers,” the indictment states. “At other times, the spear-phishing messages would encourage intended victims to download or invest in a cryptocurrency-related software program created by the hackers, which covertly contained malicious code and/or would subsequently be updated with malicious code after the program was downloaded (a ‘malicious cryptocurrency application’). To hone the spear-phishing messages, the hackers would conduct internet research regarding their intended victims and would send ‘test’ spear-phishing messages to each other or themselves.”
The hackers used false identities when targeting their victims, and Mr. Demers said the hackers sometimes worked from Russia and China.
Asked by reporters whether the North Koreans’ cyber-activity changed amid former President Trump’s diplomatic overtures, Mr. Demers said his department did not map the activity alongside the diplomatic overtures to know whether any change was made.
The indictment states that the hackers were motivated by a desire to advance the strategic and financial interests of North Korea and its leader, Kim Jong-un, alongside other factors such as causing damage and collecting money and data.
“In some instances, the hackers sought to cause damage through computer intrusions in response to perceived reputational harm or to obtain information furthering strategic interests of the DPRK regime,” the indictment read. “In many instances, the hackers intended the computer intrusions to steal currency and virtual currency (also known as ‘cryptocurrency’), or to obtain it through extortion, for the benefit of the DPRK regime — and, at times, for their own private financial gain.”
The investigation is several years in the making, as the first alleged overt act in the indictment occurred in 2014.
The unsealing of the indictment comes as cryptocurrency has received newfound attention amid soaring prices for the digital currency bitcoin. On Wednesday, bitcoin’s value rose above $51,700, an increase of 78% in 2021, according to Business Insider.