US charges North Korean trio in US$1.3 billion hacking spree

Jon Chang-hyok, Kim Il and Park Jin-hyok are accused of stealing money and cryptocurrency while working for Pyongyang’s military intelligence services

The programmers were allegedly behind the 2014 attack on Sony Pictures over The Interview, a movie depicting the assassination of leader Kim Jong-un

Reading Time:2 minutes

An off-duty police officer hired by the cinema stands watch as people arrive to watch the controversial movie The Interview at the Plaza Theatre in Atlanta, Georgia, in December 2014. The Sony Pictures comedy was the subject of threats by North Korea after a hacking attack. Photo: EPA

Published: 6:14am, 18 Feb 2021Updated: 6:14am, 18 Feb 2021

The United States has charged three North Korean computer programmers with a massive hacking spree aimed at stealing more than US$1.3 billion in money and cryptocurrency, affecting companies from banks to Hollywood movie studios, the Department of Justice said on Wednesday.

The indictment alleges that Jon Chang-hyok, 31, Kim Il, 27, and Park Jin-hyok, 36, stole money while working for North Korea’s military intelligence services. Park had previously been charged in a complaint unsealed in 2018.

The Justice Department said the hackers were responsible for a wide range of criminal activity and high-profile intrusions, including a retaliatory 2014 attack on Sony Pictures Entertainment for producing The Interview, a movie that depicted the assassination of North Korea’s leader.

The group is alleged to have targeted staff of AMC Theatres and broken into computers belonging to Mammoth Screen, a British film company that was working on a drama series about North Korea.

The Justice Department also alleged that the trio took part in the creation of the destructive WannaCry 2.0 ransomware – which hit Britain’s National Health Service hard when it was set loose in 2017.

The indictment pins the blame on the hackers for breaking into banks across South and Southeast Asia, Mexico, and Africa by penetrating the financial institutions’ networks and abusing the SWIFT protocol to steal money. They are also alleged to have deployed malicious applications from March 2018 through September 2020 to target cryptocurrency users.