Sony Hack Programmer Charged With Cybercrime Conspiracy

The U.S. Justice Department announced that it has charged North Korea’s Park Jin Hyok (박진혁; aka Jin Hyok Park and Pak Jin Hek) for his involvement in multiple cyberattacks around the world.

The complaint alleges that Park was a member of the government-sponsored  “Lazarus Group,” and worked for a North Korean government front company, Chosun Expo Joint Venture, to support the government’s malicious activity, including the the malware used in the 2017 WannaCry 2.0 global ransomware attack; the theft of $81 million from Bangladesh Bank in 2016; the 2014 attack on Sony Pictures Entertainment, which was in retaliation for the movie The Interview; and numerous other attacks on the entertainment industry, financial services, defense, technology, and virtual currency industries, academia, and electric utilities.

“Today’s announcement demonstrates the FBI’s unceasing commitment to unmasking and stopping the malicious actors and countries behind the world’s cyberattacks,” said FBI Director Christopher Wray. “We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign. This group’s actions are particularly egregious as they targeted public and private industries worldwide — stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems. We’ll continue to identify and illuminate those responsible for malicious cyberattacks and intrusions, no matter who or where they are.”

Park is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, as well as one count of conspiracy to commit wire fraud, which could lead to a maximum sentence of 20 years in prison.

“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” said Treasury Secretary Steven Mnuchin. “The United States is committed to holding the regime accountable for its cyberattacks and other crimes and destabilizing activities.”