North Korean Hackers Charged By U.S. Department of Justice in Global Crime Spree

By Anthony Eich on February 28, 2021

By: Anthony Eich

Executive Summary

Three members of an elite hacker group within the military intelligence ranks of the North Korean government have been indicted by the United States Justice Department on charges of a multitude of cyber attacks to include banking heists, crypto currency embezzlement, as well as other cybercrimes. The members of the military intelligence unit within the Reconnaissance General Bureau (RGB) of the North Korean military— Park Jin-hyok, Jon Chang-hyok and Kim Il— also known as the Lazarus Group or Advanced Persistent Threat 38 (APT38), have been accused of crimes totaling in financial damages exceeding $1.3 billion world-wide [1]. The assets that have been stolen are thought to have been used to pay for otherwise sanctioned activities of the North Korean state including their pursuit of nuclear arms. These members of the North Korean cyber army have been implicated in multiple organized crim plots in many countries including those in Europe, the United States, Vietnam, Bangladesh, Taiwan, Mexico, and Malta to name a few [2]. The nation-state backed criminals have been on the radar of law enforcement agencies in these countries, and with the installment of a new administration in the White House, a statement is set to be made to threat actors around the world that these acts will no longer be allowed to go unpunished.


The Lazarus Group has been implicated in many crimes such as the 2014 attack on Sony Picture Studios, the development of the notorious Wannacry malware used in attacks on British healthcare systems in 2017, and numerous attacks on banking systems around the globe including automated teller machine (ATM) cash outs and cryptocurrency heists. APT38 even developed blockchain platform to funnel and hide the funds in order to evade the sanctions that have been levied against the state [6]     . In addition to reasons of financial gain, this group has also performed attacks as hacktivists against media organizations that have been known to portray the North Korean state as well as their leader, Kim Jong Un, unfavorably. The official statement released by the Justice department as to the extent of the RGB’s activities and the resulting charges are as follows:

“The hacking indictment filed in the U.S. District Court in Los Angeles alleges that Jon Chang Hyok, 31; Kim Il), 27; and Park Jin Hyok, 36, were members of units of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic People’s Republic of Korea (DPRK), which engaged in criminal hacking. These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38). Park was previously charged in a criminal complaint unsealed in September 2018“ [7].


With the indictments made against the members of the Lazarus Group, it is expected that North Korea will respond in kind. That being said, the action is mostly intended to attempt to restrict the hacker’s ability to move freely, but there is little hope for the resulting arrests that would bring these threat actors to justice. The move is an indication that the new White House administration is taking a hard stance on cybercrime, especially with the rising rates due to increased web traffic, remote jobs, and increased dependencies on a virtual workforce and e-commerce. The United States is the highest value target among all nations and is one of the most connected countries in the world. With that being said, there is still a large disparity between what cybersecurity professionals have been warning about, and the steps that have been taken to standardize security among national infrastructure and private commerce. With increased pressure on organized crime—from threat actors known to be nation state sponsored such as those attributed to North Korean and Russian hackers in recent events such as the SolarWinds attack and the crackdown on the Emotet botnet proliferators—the United States and it’s allies are making good on their existing policies on cybercrime and cyberwarfare [6].


During a time when the United States has been going through a shift in policy at the White House, the new leadership under President Joe Biden has so far been quiet about how to approach policy in regard to the DPRK. Previous leadership has taken a tough position against the rogue nation, inflicting heavy sanctions in an effort to de-nuclearize the country. Most recently, President Trump had made efforts towards diplomacy and became the first sitting US President to meet with the North Korean leader. After those talks and continued exchanges, Trump attempted to leverage that rapport with Kim Jong Un to further the US intention for a completely de-nuclearized North Korea [4]. That action was rejected by Un, and resulted in a breakdown of talks, which is now the situation for the current White House. It is likely that the Biden administration will take a page from President Obama’s policy and depend less on talks, and more on sanctions and direct actions such as these recent indictments. As of yet though, the new administration has not made public comment on the planned policy towards the North Koreans.


[1] Benner, Katie. 2021. U.S. Charges 3 North Koreans With Hacking and Stealing Millions of Dollars. 02 17. Accessed 02 26, 2021.

[2] GELLER, ERIC. 2021. North Korean hackers are ‘the world’s leading bank robbers,’ U.S. charges. 02 17. Accessed 02 26, 2021.

[3] Kristian, Bonnie. 2021. Biden Needs a New Goal for North Korea. 02 06. Accessed 02 26, 2021.

[4] Lee, Christy. 2021. Experts: Biden Thought Likely to Reverse Trump’s North Korea Policies . 02 02. Accessed 02 26, 2021.

[5] Lucas, Ryan. 2021. Justice Department Charges 3 North Korean Hackers For Global Cyberattacks. 02 17. Accessed 02 26, 2021.

[6] Mangan, Dan. 2021. North Korean hackers charged in massive cryptocurrency theft scheme. 02 17. Accessed 02 26, 2021.

[7] MORIYASU, KEN. 2021. North Korea goes missing from Biden’s big foreign policy speech. 02 06. Accessed 02 26, 2021.

[8] Naraine, Ryan. 2021. U.S. Charges North Korean Hackers Over $1.3 Billion Bank Heists. 02 17. Accessed 02 26, 2021.

[9] Press, Assocated. 2021. Suspected Russian hack fuels new U.S. action on cybersecurity. 02 19. Accessed 02 26, 2021.

[10] n.d. U.S. DEPARTMENT OF THE TREASURY. Accessed 02 26, 2021.