November 30, 2023

Federal authorities announced Wednesday that three North Korean computer programmers were charged with carrying out a series of cyberattacks in an attempt to steal and extort more than $ 1.3 billion in cash and cryptocurrency from financial institutions and corporations.

The programmers, who are part of a North Korean military intelligence agency, are accused of having “created and deployed several malicious cryptocurrency applications and developed and fraudulently marketed a blockchain platform,” according to a press release from the Justice Department.

In addition, repeated “spear phishing campaigns” were carried out from 2016 to early 2020 targeting employees of the US Department of Defense, State Department, and employees of US-approved defense, energy, aerospace and technology firms.

Hackers also took control of ATMs to take cash from them as part of the conspiracy, the indictment said.

During a press conference on Wednesday, officials said the development and labeling of the so-called Marine Chain Token in 2017 and 2018, which allowed investors to acquire stakes in cargo ships using blockchain technology, enabled North Korea to “secretly raise funds” from investors , Control interests in ocean-going vessels and circumvention of US sanctions. “

Tracy Wilkinson, the acting US attorney for the Central District of California, said, “The scope of criminal behavior by North Korean hackers has been extensive and protracted, and the range of crimes they have committed is staggering.”

Wilkinson also said, “The conduct described in the indictment is the act of a criminal nation-state that has stopped at nothing to seek revenge and receive money to prop up its regime.”

The charges in the US District Court in Los Angeles against Jon Chang, 31, Kim Il, 27, and Park Jin Hyo, 36, were members of units of the Reconnaissance General Bureau, a North Korean military intelligence agency dealing with hacking criminal offenses. Authorities found that Park had previously been charged in a September 2018 criminal complaint describing the cyberattack on Sony Pictures and the creation of the ransomware known as WannaCry.

At the same time on Wednesday, officials announced that a Canadian-American citizen, 37-year-old Ghaleb Alaumary, has pledged to plead guilty to a money laundering system and admitted to helping the accused North Koreans get their ” Cyber ​​”pay off -activated bank robbery. “

According to authorities, Alaumary organized teams of people in the US and Canada to launder the millions of dollars the hackers received through ATM withdrawal transactions.

The conspiracy, which according to official figures was motivated for revenge or financial gain depending on the target, included the attack on Sony in 2014 for its satirical film “The Interview”, which portrayed the murder of North Korea and the targeting of AMC theaters showed the film. Another alleged target was Mammoth Screen, which produced a fictional series depicting a British scientist who was taken hostage by North Korea and who suffered digital surgery in 2015.

Authorities also said that from 2015 to 2019, the hackers attempted to steal more than $ 1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta and Africa by breaking into their computer networks and sending fraudulent messages sent the SWIFT bank messaging system.

The hackers are charged with attacking hundreds of cryptocurrency companies and stealing tens of millions of dollars in cryptocurrency as part of the program.

A Slovenian cryptocurrency company was stripped of $ 75 million in that currency, according to authorities, and the hackers stole nearly $ 25 million worth of cryptocurrency from an Indonesian cryptocurrency company in September 2018 and $ 11.8 million from the New York financial services company last summer Millions of dollars by using the malicious company CryptoNeuro Trader application.

The defendants are also charged with stealing $ 6.1 million from BankIslami Pakistan Limited through a series of ATM withdrawal programs, the creation of the WannaCry 2.0 ransomware in 2017, and extortion and attempted extortion against victim companies.

And the program has reportedly developed several malicious cryptocurrency applications since March 2018 that gave North Korean hackers backdoors into victims’ computers. These applications included Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader and Ants2Whale.

“North Korea’s employees, who use keyboards instead of guns and steal cryptocurrency digital wallets instead of moneybags, are the world’s leading bank robbers,” said John Demers, Assistant Attorney General of the Department of Justice’s National Security Division.

The price of the leading cryptocurrency Bitcoin has increased by more than 400% in the past 12 months.

The price of Bitcoin has increased by more than 75% as more and more companies come to terms with accepting it as both a means of payment and a store of value and a medium of exchange.

At one point on Wednesday, Bitcoin was selling for $ 51,165, close to the record it hit earlier in the day, according to Coin Metrics.

JPMorgan has announced that it will allow cryptocurrency banking, and the Bank of New York Mellon, the country’s oldest bank, announced last week that digital currencies could soon pass through the same financial network they currently use for more traditional holdings like the U.S. Treasury Department use bonds and stocks.

Payment companies like PayPal and Mastercard have stepped up efforts on their platforms to support cryptocurrency processing. And the electric car maker Tesla announced in a government motion last week that it had invested $ 1.5 billion in Bitcoin and was planning to accept the digital currency as a means of payment for its products.

However, Bitcoin’s history of high profile thefts and hacks has still cast doubts about its security, especially since it is often kept in digital wallets on independent networks.

In the past few years, thieves have stolen billions of dollars worth of Bitcoin. And the digital nature of these thefts often makes it difficult for authorities to track down the crooks.

– CNBCs Tom Franck contributed to this report