Three North Korean Hackers of the Lazarus Group Indicted by the U.S. DoJ

• The U.S. DoJ has named three hackers who are thought to belong to the “Lazarus” group.
• The three men have been linked with numerous cyber-attacks, campaigns, and scam operations.
• It is extremely unlikely to see them getting arrested and extradited to the United States.

The U.S. Department of Justice has unsealed indictments against three North Koreans who are accused of launching numerous cyber-attacks against American entities since at least 2014. The particular group is believed to be supported by the North Korean state, and so their motives were mostly geared towards cyber-espionage and operational disruption.

North Korean hackers, however, are also financially motivated, as we have discussed many times in the recent past. The DoJ believes that the three indicted persons are involved in the attempted theft of at least $1.2 billion.

The indicted persons are Jon Chang Hyok (31), Kim Il (27), and Park Jin Hyok (36), all members of the Reconnaissance General Bureau (RGB), which is, in turn, an intelligence agency directly linked to the Democratic People’s Republic of Korea (DPRK). As for the specific hacking group they belong to, that would be the notorious Lazarus Group or APT38.

The schemes mentioned in the relevant announcement by the DoJ include the following:

• 2014 attacks against Sony Pictures Entertainment
• 2015 to 2019 bank heists against various targets globally
• 2018 “FastCash” ATM cash-out attacks against Pakistani banks
• 2017 to 2020 WannaCry ransomware attacks
• 2018 to 2020 cryptocurrency attacks through fake wallet apps
• 2017 to 2020 attacks against Slovenian, Indonesian, and American crypto companies
• 2016 to 2020 spear-phishing campaigns targeting U.S. government, aerospace, and tech companies
• 2017 to 2018 “Marine Chain Token” scam campaign targeting marine investors in the United States

The above is enough to lock the three hackers in prison for decades, but of course, we do not expect them ever to set foot in the United States. Also, there’s, of course, no extradition treaty between North Korea and the United States, and these hackers are state-sponsored anyway. Keeping their IDs secret and snatching them if they ever get to another country wouldn’t work either, as these hackers never leave North Korea anyway.

The FBI has obtained seizure warrants for whatever cryptocurrency amounts could be confirmed as stolen by the three hackers, and already, about $1.9 million has been returned to their victims. That’s admittedly only a small portion of what the Lazarus group has stolen, but more may follow soon.