US charges three North Korean hackers in $1.3 billion theft spree

The United States has charged three North Korean computer programmers with a massive hacking spree aimed at stealing more than $1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios, the Department of Justice said on Thursday.

The first action against Pyongyang by President Joe Biden's administration took aim at what the department called "a global campaign of criminality" being waged by North Korea. 

The indictment alleges that Jon Chang Hyok, 31, Kim Il, 27, and Park Jin Hyok, 36, stole money while working for North Korea's military intelligence services. 

In addition to the earlier charges, the three allegedly operated out of North Korea, Russia and China to hack computers using spearfishing techniques, and to promote cryptocurrency applications loaded with malicious software that allowed them to empty victims' crypto-wallets.

They allegedly robbed digital currency exchanges in Slovenia and Indonesia and extorted a New York exchange of $11.8 million.

In a 2018 scheme, they robbed $6.1 million from ATM machines from Pakistan's BankIslami after gaining access to its computer network.

Over at least seven years, the officials created malicious cryptocurrency applications that opened back doors into targets' computers; hacked into companies marketing and trading digital currencies like bitcoin; and developed a blockchain platform to evade sanctions and secretly raise funds, the department said.

The Justice Department said the hackers were responsible for a wide range of criminal activity and high-profile intrusions, including a retaliatory 2014 attack on Sony Pictures Entertainment for producing "The Interview" movie, which depicted the assassination of North Korea's leader.

The group is alleged to have targeted the staff of AMC Theatres and broken into computers belonging to Mammoth Screen, a UK film company that was working on a drama series about North Korea.

The Justice Department also alleged that the trio participated in the creation of the destructive WannaCry 2.0 ransomware - which hit Britain's National Health Service hard when it was set loose in 2017.

The indictment pins the blame on the hackers for breaking into banks across South and Southeast Asia, Mexico, and Africa by penetrating the financial institutions' networks and abusing the SWIFT protocol to steal money. They are also alleged to have deployed malicious applications from March 2018 through September 2020 to target cryptocurrency users.

The overall amount of money stolen by the hackers is not clear because in some cases the thefts were either halted or reversed. But the figures are significant. In one 2016 heist alone - at the Bangladesh Bank - the hackers are alleged to have made off with $81 million.

"North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading 21st-century nation-state bank robbers," US Assistant Attorney General John Demers told a news briefing.