The Justice Department on Wednesday unsealed criminal charges against three North Koreans accused of attempting to hack and steal $1.3 billion in cryptocurrency and cash.

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, have become the world’s leading bank robbers,” said Assistant Attorney General for National Security John C. Demers. “The department will continue to confront malicious nation-state cyberactivity with our unique tools and work with our fellow agencies and the family of norms-abiding nations to do the same.”

DOJ previously charged one North Korean programmer in other cybercrimes and charged him again alongside two other alleged conspirators, identified in an indictment as Jon Chang-hyok, Kim Il, and Park Jin-hyok. The accused hackers were attributed to working on behalf of the Reconnaissance General Bureau, a military intelligence agency in North Korea.

The North Korean hackers’ victims reside in the United States, particularly California, but also in countries around the world, including in Mexico, Pakistan, Poland, the United Kingdom and several other countries, according to the indictment. The cyberattacks involved a sophisticated spear-phishing campaign.

“The computer intrusions often started with fraudulent, spear-phishing messages — emails and other electronic communications designed to make intended victims download and execute malicious software (‘malware’) developed by the hackers,” reads the indictment. “At other times, the spear-phishing messages would encourage intended victims to download or invest in a cryptocurrency-related software program created by the hackers, which covertly contained malicious code and/or would subsequently be updated with malicious code after the program was downloaded (a ‘malicious cryptocurrency application’). To hone the spear-phishing messages, the hackers would conduct internet research regarding their intended victims and would send ‘test’ spear-phishing messages to each other or themselves.”

The hackers used false identities when targeting their victims, and Mr. Demers said the hackers sometimes worked from Russia and China.

