US charges North Korea agent over Sony Pictures hack and WannaCry
7.9.2018 securityaffairs CyberCrime
The U.S. Department of Justice charged a North Korean agent over WannaCry and the 2014 Sony Pictures Entertainment hack.
The U.S. Department of Justice announced charges against a North Korean government spy who was involved in the massive WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack.
“the Justice Department charged on Thursday in a 174-page criminal complaint that detailed how hackers caused hundreds of millions of dollars’ worth of damage to the global economy,” states the NYT.
“Only one North Korean, Park Jin-hyok, was named — charged with computer fraud and wire fraud in the 2014 hack of Sony Pictures Entertainment.”
The individual charged by the US DoJ is Park Jin Hyok, an expert who works for the North Korean military intelligence agency, the Reconnaissance General Bureau (RGB).
The man, also known as Pak Jin Hek, is also linked to the dreaded Lazarus APT Group.
The complaint against Mr. Park was filed under seal on June 8, just a few days before the summit meeting between Trump and Mr. Kim in Singapore.
The complaint also describes a hacking unit working for North Korea’s intelligence agency that operates out of China and other Asian nations.
The 2014 Sony Pictures Entertainment hack was carried out by Pyongyang in retaliation for the production of the comedic film “The Interview” that mocks the North Korean leader Kim Jong Un.
At the time, US law enforcement suspected the involvement of North Korea’s Unit 121, the group of hackers working under the direction of the General Bureau of Reconnaissance.
Hackers wiped many of the company’s computers and exfiltrated over 200GB of sensitive data, including upcoming movie scripts, celebrities’ phone numbers, employee data, and versions of then-unreleased films.
WannaCry infected 200,000 computers across 150 countries within hours of the start of the massive attack. It took advantage of a tool named “Eternal Blue”, originally created by the NSA, which exploited a vulnerability present in earlier versions of Microsoft Windows. This tool was soon stolen by a hacking group named “Shadow Brokers”, which leaked it to the world in April 2017.
The ransomware infected systems in any industry and also targeted critical infrastructure such as hospitals and banks.
US intelligence highlighted that North Korean hackers were free to operate from China. Chosun Expo Joint Venture helped fund North Korean hacking groups by covering their activities with legitimate programming work from an office in Dalian, China. According to the complaint, some customers were aware the employees “were North Korean computer programmers connected to the government.”
Mr. Park, who worked there from 2011 to 2013, and his colleagues were overseen by a company manager and North Korean political attaché, the Justice Department said.
Hyok worked in China from at least 2011 to 2013 and returned to North Korea shortly before the attack against Sony Pictures in November 2014.
The investigation is still ongoing. Investigations of this kind are very difficult and cannot leverage classified information from the intelligence agencies.
“In order to get admissible evidence,” said John Carlin, the former head of the Justice Department’s National Security Division, “prosecutors have to work through any issues the intelligence community might have.”