The US government has turned up the heat on Pyongyang after indicting a North Korean citizen and member of the infamous Lazarus Group for the attacks on Sony Pictures Entertainment (SPE) and Bangladesh Bank, and for the WannaCry ransomware.
Filed on June 8, 2018 in Los Angeles federal court and posted today, the indictment alleges that programmer Park Jin Hyok worked for a government front company known as Chosun Expo Joint Venture, or Korea Expo Joint Venture (KEJV), which has offices in China and the DPRK.
As well as working for paying clients around the world, Park and his colleagues are said to have engaged in malicious activities on behalf of the North Korean military.
Alongside WannaCry and the sophisticated attacks on SPE and Bangladesh Bank, the group is said to be responsible for unsuccessful attempts to infiltrate the computer systems of Lockheed Martin, the prime contractor for South Korea’s THAAD missile defense system.
Other unsuccessful raids show the scale of the operation, including spear-phishing emails sent to a movie theater chain and a UK firm producing a fictional series involving a British nuclear scientist taken prisoner in North Korea.
The DoJ claims that Park and his unnamed co-conspirators were linked to the attacks through: email and social media accounts used to send spear-phishing emails; online aliases; malware “collector accounts” used to store stolen credentials; malware code libraries; proxy services they used to hide their location; and North Korean, Chinese and other IP addresses.
“The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” said assistant attorney general John Demers.
“The complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage.”
Security experts welcomed the Department of Justice action.
FireEye senior manager of cyber-espionage analysis, Benjamin Read, said the DoJ complaint was “consistent with FireEye’s analysis of both the scope and attribution of this activity.”
“While we do not have insight into all of the incidents described in the complaint, our analysis concurs with the conclusion that the actors responsible for multiple financially motivated intrusions, the WannaCry ransomware and many of the other incidents are linked by shared development resources,” he added. “FireEye has observed these malicious operations continuing at a high pace over the last two years and impacting numerous organizations.”
SonicWall CEO Bill Conner said the move should serve as a reminder for consumers and organizations to remain vigilant in cyberspace.
“In today’s connected world, it is irresponsible to operate online without strict security standards,” he added. “Total end-to-end security is key, including a layered approach to security across wired, wireless, mobile and cloud networks, as well as securing IoT devices to prevent tampering and unauthorized access.”