WASHINGTON: The US Justice Department charged three North Korean military intelligence officials on Wednesday in a campaign of cyberattacks to steal $1.3 billion in crypto and traditional currencies from banks and other targets.

The first action against Pyongyang by President Joe Biden’s administration took aim at what the department called “a global campaign of criminality” being waged by North Korea.

The department accused the three of a wide-ranging hacking and malware operation to obtain funds for their government while avoiding punishing UN sanctions that have cinched off its sources of income.

Over at least seven years, the officials created malicious cryptocurrency applications that opened back doors into targets’ computers; hacked into companies marketing and trading digital currencies like bitcoin; and developed a blockchain platform to evade sanctions and secretly raise funds, the department said.

In 2018, these hackers stole $6.1m from a Pakistani bank’s ATM machines after gaining access to its computer network

The case filed in federal court in Los Angeles builds on 2018 charges against one of the three, identified as Park Jin Hyok.

He was charged with the 2014 hack of Sony pictures, the creation of the notorious WannaCry ransomware, and the 2016 theft of $81 million from the central bank of Bangladesh.

The new charges added two defendants, Jon Chang Hyok and Kim Il.

The allegations said the three worked together in the North Korean military intelligence’s hacking-focused Reconnaissance General Bureau, better known within the cybersecurity community as the Lazarus Group, or APT 38.

In addition to the earlier charges, the three allegedly operated out of North Korea, Russia and China to hack computers using spearfishing techniques, and to promote cryptocurrency applications loaded with malicious software that allowed them to empty victims’ crypto wallets.

They allegedly robbed digital currency exchanges in Slovenia and Indonesia and extorted a New York exchange of $11.8 million.

In a 2018 scheme, they robbed $6.1 million from ATM machines from a Pakistani bank after gaining access to its computer network.

The Justice Department did not specify exactly how much it believed the defendants have stolen altogether.

‘Keyboards instead of guns’

In addition, the charges said, Kim Il developed the blockchain-based digital currency-like “Marine Chain Token” which ostensibly was an instrument for investors to buy shares of shipping vessels.

He marketed opportunities to invest in the scheme in Singapore, without telling potential investors that it was mainly designed to hide ship ownership identities to help North Korea avoid sanctions, the charges said.

All of the actions, the Justice Department said, were to “further the strategic and financial interests of the (North Korean) government and its leader, Kim Jong Un”.

Published in Dawn, February 19th, 2021