North Korean Hackers Indicted in Cyber Scheme Funding Illicit Shipping

The U.S. Justice Department unsealed an indictment charging three North Korean computer programmers in orchestrating a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies. Among the wide-ranging scheme to commit cyberattacks and financial crimes was an effort to fund North Korea’s illicit shipping activities.

“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” said Acting U.S. Attorney Tracy L. Wilkison. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to exact revenge and obtain money to prop up its regime.”

The indictment filed in U.S. District Court in Los Angeles alleges that the three North Koreans were members of units of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic People’s Republic of Korea (DPRK), which engaged in criminal hacking. Building on charges filed by the Federal Bureau of Investigation in 2018, the new indictment alleges that these groups engaged in a conspiracy to cause damage, steal data and money, and otherwise further the strategic and financial interests of the DPRK government and its leader, Kim Jong Un.

Prosecutors described a broad array of criminal cyber activities undertaken by the conspiracy, in the United States and abroad, conducted for revenge or financial gain. Allegedly they acted to create and deploy multiple malicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.

Among the schemes was an effort in 2017 and 2018 to fund North Korea’s shipping activities which were being used to evade U.S. sanctions. The group reported developed and marketed a cryptocurrency program known as a Marine Chain Token and conducted an initial coin offering to enable investors to purchase fractional ownership interests in marine shipping vessels. North Korea used this platform to hide the ownership of the vessels which were deployed in activities evading U.S. sanctions.

Among the other schemes detailed in the indictment were the 2014 and 2015 revenge cyberattacks against Sony Pictures, AMC Theatres, and Mammoth Screen for projects which unfavorably displayed North Korea and its leader in movies. There were also cyber-enabled attacks between 2015 and 2019 stealing more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa and the theft of tens of millions of dollars’ worth of cryptocurrency. The group is also charged with ransomware and cyber-enabled extortion again multiple companies as well as the creation and deployment of malicious cryptocurrency applications.

In addition to the financial attacks, North Korea reportedly targeted employees of U.S. defense contractors, energy companies, aerospace companies, technology companies, the U.S. Department of State, and the Department of Defense with “spear-phishing campaigns.” The efforts which ran from 2016 to 2020 sought to gain access to computer networks and steal information.

“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than masks and guns, are the world’s leading 21st century nation-state bank robbers,” said Assistant Attorney General John Demers of the Justice Department’s National Security Division. “The department will continue to confront malicious nation state cyber activity with our unique tools and work with our fellow agencies and the family of norms abiding nations to do the same.”

Federal prosecutors in Los Angeles said in a related development a Canadian citizen agreed to plead guilty to conspiracy to engage in money laundering for the North Korean conspiracy, among other criminal schemes.