The United States indicts three North Korean hackers who have attempted to steal a total of nearly 140 billion yen

The US Department of Justice has charged three North Korean hackers for being involved in the hacking of Sony Pictures hack and the creation of the world-famous ransomware ' WannaCry ' in 2017. The total damage caused by the theft involving these three hackers is estimated to be over $ 1.3 billion (about 137 billion yen), and the actual amount stolen is estimated to be about $ 200 million (about 21.1 billion yen).

Assistant Attorney General John C. Demers Delivers Remarks on the National Security Cyber Investigation into North Korean Operatives | OPA | Department of Justice
https://www.justice.gov/opa/pr/assistant-attorney-general-john-c-demers-delivers-remarks-national-security-cyber

Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe | OPA | Department of Justice
https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and

US Indicts North Korean Hackers in Theft of $ 200 Million — Krebs on Security
https://krebsonsecurity.com/2021/02/us-indicts-north-korean-hackers-in-theft-of-200-million/

US indicts North Korean hackers for stealing $ 1.3 billion
https://www.bleepingcomputer.com/news/security/us-indicts-north-korean-hackers-for-stealing-13-billion/

On February 17, 2021, the US Department of Justice charged three North Korean hackers, Yong Chang-hyuk (31 years old), Kim Il (27 years old), and Park Jin-hyuk (36 years old). The U.S. Department of Justice notes that the three hackers belonged to the North Korean intelligence and machine organization, the General Bureau of Reconnaissance of the People's Army of Korea (RGB) , and were active in a working force known as 'APT38.'

The cases involving the three people mentioned in this indictment are as follows.

・A hacking incident on Sony Pictures Entertainment that originated in the creation of the comedy movie ' The Interview ' depicting the assassination of Kim Jong Un.
・ From 2015 to 2019, hacked banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa, and sent a message to the International Interbank Communications Association using the hacked banks as a stepping stone for $ 1.2 billion (about 127 billion). Yen) A series of incidents that tried to steal the super.
・ A case of illegally withdrawing 6.1 million dollars (about 645 million yen) using an ATM cash withdrawal scheme called ' FASTCash '.
-Creation and use of ransomware ' WannaCry 2.0 '.
・ From March 2018 to September 2020, 'Celas Trade Pro,' 'World Bit-Bot,' 'iCryptoFx,' 'Union Crypto Trader,' 'Kupay Wallet,' 'Coin Go Trade,' 'Celas Trade Pro,' which provides backdoors to North Korean hackers. Create and distribute malicious crypto asset apps such as Dorusio, Crypto Neuro Trader and Ants2 Whale.
・ Theft case targeting crypto asset trading companies totaling tens of millions of dollars (billions of yen). $ 75 million from Slovenia's crypto asset trading company in December 2017, $ 24.9 million from Indonesia in September 2018, and $ 11.8 million from New York in August 2020. 1.2 billion yen) etc.
-A series of spear phishing attacks targeting employees of the US defense industry, energy industry, aerospace industry, technology industry, Ministry of State, and Ministry of Defense from March 2016 to February 2020.
-In order to avoid sanctions in the United States, we developed a system 'Marine Chain Token' that allows you to purchase fractional ownership of a transport ship with crypto assets, and controlled the interests of the transport ship.

Among them, the US Department of Justice has been moving to prosecute the hacking case against Sony Pictures Entertainment and the creation of ransomware 'WannaCry' from September 2018. The details of these two cases and the movement of the US Department of Justice are explained in detail in the following articles.

US prosecution for involvement of North Korean hackers in creating ransomware 'WannaCry' and hacking Sony Pictures-GIGAZINE

In addition, regarding the cryptographic asset malware used by the three people, the Cyber Security and Infrastructure Security Agency of the Ministry of Homeland Security has published a commentary article on the technical details.

AppleJeus: Analysis of North Korea's Cryptocurrency Malware | CISA
https://us-cert.cisa.gov/ncas/alerts/aa21-048a

Since the criminal cases involving these three hackers are diverse, the actual total amount of damage is unknown, but the cumulative amount targeted is over $ 1.3 billion (about 137 billion yen), and the amount actually stolen is 2. It is estimated to be about 100 million dollars (about 21.1 billion yen). Each of the three has been sentenced to up to 5 years for conspiracy charges for computer fraud and fraud, and up to 30 years for communication fraud and bank fraud.

At the same time as the indictment against the three North Korean-registered hackers, a complaint against Canadian-American Galeb Araumarie (37 years old), who has been in charge of money laundering for a series of crimes, was also announced. Alau Marie had already pleaded guilty as of November 17, 2020, but the release of the indictment was awaiting the indictment of three North Korean hackers.

In response to a series of incidents, Deputy Prosecutor John C. Demars said, 'North Korean agents use keyboards instead of guns to steal digital wallets filled with crypto assets instead of cash-filled bags. It is a level bank robbery. The Justice Ministry will use its own tools to confront the cyber activities of malicious nations and cooperate with other institutions and nations that adhere to the norms. ' I made it.