US officials have charged a North Korean computer programmer in connection with high-profile cyber attacks, including the Sony Pictures Entertainment hack and the WannaCry ransomware virus that affected hundreds of thousands of computers worldwide.
Here are key allegations from the complaint filed against Park Jin Hyok, who the FBI says is a part of a North Korean government-sponsored hacking group:
— In the 2014 attack on Sony, the hackers gained access to the movie company’s network by sending malicious computer software to employees, allowing them to steal confidential data and post yet-to-be-released movies online for public download. The attack damaged thousands of computers and released a wealth of personal information about Sony employees.
— In the 2016 attack on the Bangladesh Bank, the hackers fraudulently transferred $81 million from the institution after accessing the bank’s computer terminals using spear-phishing emails. Spear-phishing emails are personalized to appear legitimate to induce a recipient to click on a link or open a file, allowing the hacker to gain access to their computer.
— The hackers accessed several other banks in various countries, including the U.S., from 2015 to 2018 using similar methods and so-called “watering-hole attacks,” in an attempt to steal $1 billion. In watering-hole attacks, hackers infect a website commonly used by their target.
— In one such watering-hole attack, hackers infected the website of the Polish Financial Supervision Authority in what the FBI describes as one of the most serious information security attacks in Poland. The intrusion likely was discovered before the hackers could successfully steal any funds, the complaint says.
— In last year’s WannaCry ransomware attack, the hackers infected hundreds of thousands of computers around the world, causing extensive damage and significantly affecting the United Kingdom’s National Health Service.
— The hackers also targeted US defence contractors, including Lockheed Martin, sending spear-phishing emails purporting to be from recruiters at competing contractors.
— In many cases, the successful attacks by the hackers were proceeded by reconnaissance of their targets online and in social media, including researching employees of Lockheed Martin.
— In one spear-phishing email, hackers made an exact copy of a legitimate email Facebook sent to some of its users. In the replica email, hackers replaced a legitimate link with a link that would allow them to access the victim’s computer.
— Park, the only alleged hacker named in the complaint, studied at a North Korean university and was a programmer employed by the North Korean government, according to the FBI. Park remains in North Korea. It’s unlikely he’ll be extradited because the US has no formal relations with North Korea.