U.S. Charges 3 North Koreans With Hacking and Stealing Millions of Dollars

WASHINGTON — The Justice Department on Wednesday unsealed charges against three North Korean intelligence officials accused of hacking scores of companies and financial institutions to thwart U.S. sanctions, illegally fund the North Korean regime and control American corporations deemed enemies of the state, including Sony Pictures Entertainment.

The charges are the government’s latest effort to show that North Korea has engaged in a brazen, yearslong effort to undermine and attack institutions around the world and steal millions of dollars even as the United States and its allies intensify efforts to rein in the country and its nuclear ambitions.

One of the officials, Park Jin-hyok, a member of North Korea’s military intelligence agency, was accused by the Justice Department in 2018 of participating in the Sony hacking that crippled the company, as well as the WannaCry cyberattack on Britain’s National Health Service, and an attack on the Bangladeshi central bank and financial institutions around the world.

Building on that investigation, the Justice Department indicted Mr. Park and two more North Korean spies, Jon Chang-hyok and Kim Il, on charges related to those attacks, as well as new accusations that they tried to steal more than $1.3 billion.

“Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars,” John C. Demers, the head of the Justice Department’s National Security Division, said in a statement.

Prosecutors declined to say how much money the hackers actually obtained.

Separately, federal prosecutors charged Ghaleb Alaumary, 37, a dual citizen of the United States and Canada, with organizing a network of people in those countries to launder millions of dollars that the North Korean government obtained from the hackers. Mr. Alaumary pleaded guilty to the charge.

Wednesday’s broad indictment supports the findings of a report released this monthby Recorded Future, a cybersecurity research group, that concluded that North Korea has greatly expanded its ability to use the internet to financially prop up its government even though the United States and its allies have choked off oil supplies and imposed strict sanctions on the country.

The report also found that North Korea has vastly improved its ability to steal cryptocurrencies like Bitcoin and that it now routes half of its internet traffic through Russia.

The government accused Mr. Jon and Mr. Kim of working with Mr. Park to operate illegal hacking schemes from North Korea, China and Russia beginning as early as 2014, when they attacked Sony in retaliation for the company’s decision to make and release a movie, “The Interview,” that depicted a plot to assassinate Kim Jong-un, the leader of North Korea.

The attack was disastrous for the film studio, wiping out 70 percent of its computer capabilities, erasing data on about half of its personal computers and servers, and crippling operations. Private emails released as part of the attack embarrassed executives and contributed to the resignation of the studio’s chairwoman, Amy Pascal.

After the Sony attack, the three men sent malware-laden phishing emails to employees of the Bangladesh Bank and eventually gained access to its computers, which are connected to the global banking communication system.

The hackers then directed the Federal Reserve Bank of New York to transfer money from Bangladesh Bank to accounts they controlled. They were able to steal only $81 million because an official at the reserve bank noticed that the word “foundation” was misspelled, scrutinized the transaction and halted the transfer of an additional $900 million, according to government documents in the case against Mr. Park.

The three men also used the crippling WannaCry malware to infiltrate and paralyze the British health care system’s computer network. And they tried to break into the computer networks of U.S. defense contractors.

Those schemes were largely known, as they made up the bulk of the charges against Mr. Park, which were unveiled three years ago.

But federal prosecutors also revealed new accusations that the hackers cashed out money from A.T.M.s, resulting in $6.1 million stolen from BankIslami Pakistan alone; that they used the WannaCry ransomware to extort money from victims after it was used against the British health system; that they created digital-currency-related malware that gave them access to victims’ computers; and that they stole tens of millions of dollars’ worth of cryptocurrency, including more than $111 million from companies in Slovenia, Indonesia and New York.

In addition to defense contractors, the group tried to break into energy companies, aerospace companies, technology companies, and the State and Defense Departments.

Mr. Demers said during a news conference that there was little chance that any of the men, who live in North Korea, would be arrested. But the Justice Department publicly revealed their identities and the accusations against them, he said, to show the public the seriousness of the threats from countries like North Korea. The department also wanted to demonstrate that it is able to identify the criminals behind cyberattacks and to warn those hackers and the countries that support them, he said.

“If the choice here is between remaining silent while we at the department watch nations engage in malicious, norms-violating cyberactivity, or charging these cases, the choice is obvious,” Mr. Demers said in a statement. “We will charge them.”