The Justice Department has charged a North Korean cyber-operative with attacks and mayhem that prosecutors say was carried out under orders from Kim Jong Un.
The Justice Department has charged a North Korean cyber-operative with attacks and mayhem that prosecutors say was carried out under orders from Kim Jong Un. [NPR]

Feds Charge North Korean Cyber-Operative In Sony Hack, Ransomware Attack

Posted on:

< < Back to

The Justice Department announced charges Thursday against a North Korean man in connection with a series of infamous cyberattacks, including the 2014 hack of Sony Pictures Entertainment and the WannaCry ransomware attack that paralyzed computers across the globe.

Park Jin Hyok was part of a hacking group that conducted some of the most destructive recent online attacks in the world, according to a criminal complaint unsealed Thursday.

The malicious activities attributed to Park and his group include the cybertheft of $81 million from the Bangladesh Bank.

“The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” said Assistant Attorney General for National Security John C. Demers.

The charges were announced as President Trump and his administration negotiations with North Korea to end its nuclear program. It was not immediately clear what effect they might have on those diplomatic efforts — whether, for example, North Korean strongman Kim Jong Un might walk away.

Statement of the charges

Park, 34, worked for a North Korean government front company called the Korea Expo Joint Venture, according to the complaint. But the Justice Department alleges that Park was in fact a member of a hacking team known as the “Lazarus Group,” which is says is sponsored by the North Korean government.

Park, who U.S. officials believe is currently in North Korea, faces charges that include conspiracy to commit wire fraud. The allegations relate to two of the most destructive cyberattacks in recent years.

The 2014 hack against Sony took place ahead of the studio’s release of “The Interview,” a comedy about a CIA plot to assassinate North Korean leader Kim.

The hackers stole a cache of emails, which were later publicly released to the embarrassment of studio executives. They also destroyed much of Sony’s computer infrastructure.

The Obama administration officially blamed North Korea for the attack and imposed sanctions against the country, but the Park charges are the first brought over the intrusion.

The WannaCry 2.0 attack, meanwhile, took place in 2017 and was stunning in its scale and speed. In essence, WannaCry locked more than 300,000 computers in some 150 countries worldwide and demanded money from victims in order to be unlocked.

It hit the British health care sector particularly hard, compromising computer systems at hospitals and causing chaos for patients and providers.

The attack exploited a vulnerability in old Microsoft Windows software. That vulnerability appears to trace back to a cache of cyber-weapons stole from the National Security Agency.

Trial unlikely

The charges against Park continue a strategy by the U.S. government to generate detailed, legally admissible cases against foreign cyber-attackers who are unlikely to ever stand trial in the United States.

The government also has charged or indicted Russian, Chinese and Iranian hackers.

Senate intelligence committee vice chairman Mark Warner, D-Va., hailed the strategy on Thursday but said Washington has more work ahead in determining ways to try to prevent big cyberattacks before the fact.

“This indictment is the result of years of hard work by the FBI and the Department of Justice, and it is an important step in making clear to our adversaries that these kinds of criminal activities are unacceptable,” Warner said. “It also points to the need for a clearly thought-out and articulated strategy for deterring and punishing state-sponsored cyberattacks.”

The Trump administration did impose other punitive measures on Park and his employer on Thursday: the Treasury Department says it has sanctioned him and Korea Expo Joint Venture.

Copyright 2018 NPR. To see more, visit