US Indicts Two More Members of North Korean Hacking Group Lazarus
Introduction
The United States has recently announced the indictment of two additional members of the notorious North Korean military hacking group known as Lazarus. This group, also known as APT38, has been implicated in numerous cybercrimes, including the theft of over $1.3 billion from various entities.
Details of the Indictment
The federal indictment, which was unsealed on [date], named three individuals who are believed to be members of the Reconnaissance General Bureau (RGB), the military intelligence agency behind Lazarus. The indicted individuals are Park Jin Hyok, aged 36, Jon Chang Hyok, aged 31, and Kim Il, aged 27. Park Jin Hyok was previously charged in a complaint unsealed in 2018.
The Department of Justice (DoJ) has accused the trio of being involved in several high-profile cyberattacks, including the infamous attacks on Sony Pictures Entertainment and AMC Theaters, cyber-heists targeting SWIFT transfers at Bangladesh Bank, and the creation of the WannaCry ransomware.
Additional Allegations
In addition to the aforementioned cybercrimes, the indicted individuals are also accused of ATM cash-out thefts, including a $6.1 million raid on BankIslami Pakistan in October 2018. They are also said to have created and deployed malicious cryptocurrency apps to gain backdoor access to victim machines, and to have stolen tens of millions from cryptocurrency companies.
The trio has been named as conspirators in spear-phishing campaigns targeting multiple US government, energy, defense, tech, and aerospace organizations. They are also alleged to have developed a Marine Chain Token designed to surreptitiously funnel investor funds to North Korea.
Money Laundering Allegations
In a separate charge, Ghaleb Alaumary, aged 37, of Mississauga, Ontario, has been accused of acting as a money launderer for North Korean schemes, including the ATM cash-outs, Business Email Compromise (BEC) attacks, and other fraud. Alaumary has pleaded guilty and is currently facing prosecution in Georgia for his involvement in a separate BEC scheme. He is believed to have organized teams of co-conspirators in the US and Canada to launder millions for the Kim Jong-un regime.
Cybersecurity Update
The US Cybersecurity and Infrastructure Security Agency (CISA) has released additional information on the malicious cryptocurrency apps mentioned in the indictment. These apps, posing as legitimate trading platforms, are actually designed to steal cryptocurrency from unsuspecting victims and have been in circulation since 2018.
Overall, the indictment and related charges shed light on the sophisticated and far-reaching cyber operations of the Lazarus group and its affiliates, highlighting the ongoing threat posed by state-sponsored hacking groups.