On February 17th, the US Department of Justice announced criminal charges against three North Korean (DPRK) government-backed hackers for thefts of cryptocurrency and bank funds totaling more than $1.3 billion USD. The hackers, Jon Chang Hyok, Kim Il, and Park Jin Hyok, were indicted for multiple hacking events, including the following:
- Cyberattacks on AMC Theatres and Mammoth Screen, in retaliation for entertainment productions that portrayed the DPRK unfavorably
- Cyber-enabled bank heists totaling more than $1.2 billion USD
- Cyber-enabled ATM cash-outs totaling $6.1 million USD
The UN has estimated that DPRK-backed attackers have generated as much as $2 billion USD from at least 35 cyberattacks targeting banks and cryptocurrency exchanges.
Another indictment unsealed by the Department of Justice charged Ghaleb Alaumary, a 37-year-old Canadian man, with helping the DPRK launder stolen funds through a network of criminal actors who facilitated the ATM cash-out operations. Unlike the three North Korean defendants, Alaumary is in US custody and has agreed to plead guilty to the charges.
Finally, the FBI and DHS CISA have released technical details about the malware and server infrastructure used by the DPRK in an alert aimed at private-industry security professionals. The malware, referred to as "AppleJeus", is distributed as trojanized cryptocurrency trading applications and has been used for several years, with multiple versions released over time.