[BreachExchange] U.S. charges North Korean hacker over Sony, WannaCry incidents

Destry Winant destry at riskbasedsecurity.com
Thu Sep 6 23:34:26 EDT 2018


https://www.cyberscoop.com/north-korea-indictment-sony-pictures-wannacry/

The Department of Justice announced charges Thursday against a North
Korean spy in connection with the 2014 attack on Sony Pictures and the
2017 WannaCry ransomware attack.

Park Jin Hyok, a North Korean computer programmer, has been charged
with one count of conspiracy to commit wire fraud and one count of
conspiracy to commit computer-related fraud.

The U.S. government alleges that Park was operating under the front
company “Chosun Expo” or the “Korean Expo Joint Venture,” in addition
to activities conducted on behalf of North Korea’s Reconnaissance
General Bureau.

The complaint says that alongside the attacks on Sony, Park was part
of a group that also attacked AMC Theaters and U.K.-based independent
production company Mammoth Screen around the same time as the Sony
Pictures hack.

Additionally, the government alleges that Park was instrumental in
attacks on defense contractor Lockheed Martin and the Bank of
Bangladesh. The latter incident saw $81 million stolen through the
bank’s connection to the SWIFT international communication network.

“The criminal conduct outlined in this case is intolerable,” said
First Assistant United States Attorney Tracy Wilkison at a press
conference in Los Angeles. “These are criminal acts and we will
prosecute those who commit them. We cannot expect citizens and
companies to stand alone against the resources of a nation committing
crimes.”

While Park is the only person named, the 179-page complaint lays out
how the North Korean bureau attacked its various targets through
spearphishing and watering hole attacks. Justice Department officials
said the investigation into the RGB’s actions continues.

U.S. officials have previously pinned the Sony and WannaCry attacks to
hackers working in connection with North Korea. The U.S. government
publicly linked North Korea to WannaCry last December. Other
governments and private cybersecurity companies linked the attacks to
North Korea far prior to the U.S.’s public announcement.

In 2014, hackers successfully got Sony to pull “The Interview” from
theaters after they dumped salacious internal communications and wiped
Sony machines, crippling operations in the process. The movie depicted
North Korean leader Kim Jong-Un dying in a crude fashion, upsetting
the regime prior to release.

Both attacks were attributed to the Lazarus Group, which has long been
connected to the North Korean regime. Aside from the two incidents
tied to the complaint, the group has been connected to a number of
other operations, including an attempt to hack foreign policy staffers
tied to Hillary Clinton’s presidential campaign.

The complaint details how Park used a number of email addresses to
conduct spearphishing campaigns on various targets. Officials said
Park’s reuse of a number of email addresses was used to establish his
identity.

The Justice Department has been charging hackers as a deterrence
method in an effort to thwart hacking efforts from adversarial
nation-states. In July, the department indicted 12 Russian intel
officers in connection with the 2016 hack at the Democratic National
Committee. The department has also indicted hackers tied to China and
Iran in the past 18 months.

Jeanette Manfra, the Department of Homeland Security’s top
cybersecurity official, told reporters Thursday that the U.S.
government’s public “naming and shaming” of foreign hackers, when
coupled with other actions, has an effect in deterring that behavior.

“There are a lot of tools that the government has that we don’t talk
publicly about that we also want to ensure that we’re using,” she
said.

It’s very unlikely Park will ever see the inside of a U.S. courtroom.
The U.S. government has no diplomatic relations with North Korea.
Justice Department officials said they were not in contact with the
country’s regime ahead of announcing the charges.

The U.S. Treasury also sanctioned Chosun Expo Joint Venture,
preventing any entity that does business within the U.S. from
conducting other business with Park or the group.

“We will not allow North Korea to undermine global cybersecurity to
advance its interests and generate illicit revenues in violation of
our sanctions,” said Treasury Secretary Steven Mnuchin.  “The United
States is committed to holding the regime accountable for its
cyber-attacks and other crimes and destabilizing activities.”

