North Korean charged in Sony hack, WannaCry attack

The U.S. believes he was working for a North Korean-sponsored hacking organization.

By Michael Balsamo and Eric Tucker

Associated Press

WASHINGTON — A computer programmer accused of working at the behest of the North Korean government was charged Thursday in connection with several high-profile cyberattacks, including the Sony Pictures Entertainment hack and the WannaCry ransomware virus that affected hundreds of thousands of computers worldwide.

Park Jin Hyok, who is believed to be in North Korea, conspired with others to conduct a series of attacks that also stole $81 million from a bank in Bangladesh, according to the Justice Department’s criminal complaint. The U.S. believes he was working for a North Korean-sponsored hacking organization.

The U.S. government has previously said that North Korea was responsible for the 2014 Sony hack. That attack led to the release of a trove of sensitive personal information about Sony employees, including Social Security numbers, financial records, salary information, as well as embarrassing emails among top executives. The hack included four yet-to-be released Sony films, among them “Annie,” and one that was in theaters, the Brad Pitt film “Fury,” and cost the company tens of millions of dollars.

The FBI had long suspected North Korea was also behind last year’s WannaCry cyberattack, which used malware to scramble data at hospitals, factories, government agencies, banks and other businesses across the globe.

“This was one of the most complex and longest cyberinvestigations the department has taken,” said John Demers, assistant attorney general for national security.

U.S. officials believe the Sony hack was retribution for “The Interview,” a comedy film that starred Seth Rogen and James Franco and centered on a plot to assassinate North Korea’s leader, Kim Jong Un. Sony canceled the theatrical release of the film amid threats to moviegoers but released it online through YouTube and other sites.

A Sony spokeswoman declined comment Thursday. Attempts by The Associated Press to reach the alleged hacker were not immediately successful. Two Gmail addresses identified by the FBI in the complaint were listed as disabled.

Among the emails released in the hack was an exchange between Amy Pascal, then co-chairman of the studio, and “The Social Network” producer Scott Rudin where they joked about what might be then-President Barack Obama’s favorite movies, listing “12 Years a Slave” and films by black comedian Kevin Hart.

The pair apologized. Pascal left her job months later.

In addition to targeting Sony, hackers sent spear-phishing emails to employees at AMC Theaters, which had planned to screen the movie, and to a British company producing a fictional television series about a scientist taken prisoner in North Korea, authorities said.

The hackers used the same aliases and accounts from the Sony attack when they sent spear-phishing emails to several U.S. defense contractors, including Lockheed Martin, and others in South Korea, officials said.

The criminal complaint, filed in Los Angeles, alleges that the hackers committed several attacks from 2014 until 2018. The investigation is continuing.

“The criminal conduct outlined in this case is intolerable,” said Tracy Wilkison, the first assistant U.S. attorney in Los Angeles. “The North Korean-backed conspiracy attempted to crush freedom of speech in the U.S. and the U.K. It robbed banks around the world. And it created indiscriminate malware that paralyzed computers and disrupted the delivery of medical care.”

Cybersecurity experts have said portions of the WannaCry program used the same code as malware previously distributed by the hacker collective known as the Lazarus Group, which is believed to be responsible for the Sony hack.

The indictment said that Park was on a team of programmers employed by an organization called Chosun Expo that operated out of Dalian, China, and that the FBI described as “a government front company.”

A North Korea-registered website bearing that company’s name described Chosun Expo as the country’s “first internet company,” saying it was established in 2002 and employed 20 young graduates from institutions including Kim Il Sung University, Kimcheon Industrial University and Pyongyang Art University.

A 2015 version of the company’s website said it focused on gaming, gambling, e-payments and image recognition software. It looked in many ways like a typical tech company, boasting of its “pioneering” IT talent and customer satisfaction. By July 2016, internet archival records show, the company dropped the reference to North Korea from its home page.

Sometime later, the site vanished from the web.

Emails sent to Chosun Expo’s generic email address and to the website’s original registrant, whose name was given as Won Sun Chol, went unreturned.

It is the first time the Justice Department has brought criminal charges against a hacker said to be from North Korea. In recent years the department has charged hackers from China, Iran and Russia in hopes of publicly shaming other countries for sponsoring cyberattacks on U.S. corporations.

In 2014, for instance, the Obama administration charged five Chinese military hackers with a series of digital break-ins at American companies, and last year, the Justice Department charged Russian hackers with an intrusion at Yahoo Inc.

The Treasury Department also added Park Jin Hyok’s name to its sanction list, which prohibits banks that do business in the U.S. from providing accounts to him or Chosun Expo.

It is unlikely that he will be extradited because the U.S. has no formal relations with North Korea and the North Korean government was not notified about the charges.
