On September 6, 2018, an indictment charged a North Korean citizen, Park Jin Hyok, with one count of conspiracy to commit computer fraud and abuse and one count of conspiracy to commit wire fraud in connection with his alleged involvement in a series of cyberattacks around the world. According to allegations in the complaint, Park, a computer programmer at the Korea Expo Joint Venture, belongs to a hacking team known as the “Lazarus Group,” which is sponsored by the Democratic People’s Republic of Korea. The complaint alleges that Park engaged in malicious cyber activities using methods like destructive malware, “spear-phishing,” and ransomware extortion. The complaint describes a series of malicious cyberattacks and specifically focuses on four examples: (1) the November 2014 cyberattack directed at Sony Pictures Entertainment, (2) the February 2017 conspiracy that stole $81 million from the Bangladesh Bank, (3) the 2016 and 2017 cyberattacks on U.S. defense contractors, including Lockheed Martin, and (4) the creation of ransomware known as WannaCry 2.0 in May 2017. According to the government, its investigation tracked email and social media accounts, programming code, and IP addresses to show that the cyberattacks were conducted by the same individuals.
United States v. Park Jin Hyok, 18-cr-1479 (C.D. Cal.)