Tumgik
#Park Jin Hyok
koiiiji · 4 months
navigation post [editing]
here just my random posts with ideas/thoughts/inspo/etc!! if u got some inspiration as well, pls tag me in your post, im really up to read everything!!
windbreaker wedding boards
1) sangho
2) ryu juwon
3) wooin
windbreaker thoughts
1) sangho | nsfw
2) high with wooin and hyok
3) hwangyeon and donggu | nsfw
4) sangho being hot (as usual duh)
5) wooin and whole back piercing
6) thought on hwang and sangho
7) my top 5 fav characters
8) fic ideas (historical au!)
9) fic ideas (thighs riding!)
10) again hwang and sagho thoughts
11) sangho | nsfw
12) night rides with sabbath
13) thoughts about wooin piercing | i did it
lookism wedding boards
1) Seo Seongeun
2) Park JungGun
3) Kim Gimyong
4) Kim Gitae
5) Kim JoonGoo
lookism mood boards
1) park hyungseok | daniel park
2) jin hobin | vin jin
3) seo seongeun | samuel seo
4) ji gonseob | king of daegu
lookism thoughts
1) seo seongeun tattoos
2) kim jung goo parent theory
3) incorrect quotes
4) jay x reader x daniel
5) jake's hand
6) positions...
7) thoughts on lookism
8) favourite characters
9) me and vin jin
10) vin jin's hands collection
11) lookism back collection
12) IT GURLS with eugene
13) angst fic idea for jake
14) tiktok trend with lookism
15) older brother gitae
16) sammy headcanon
17) DG being jealous
18) gun being unwanted child
19) taejin life adaptation
20) sammy being hugest mommy milkers
21) annoying classmate! zack lee
wb + lookism
it was me
seniordba · 6 years
WannaCry Ransomware Update
The WannaCry ransomware that started compromising systems last year consists of multiple components that arrive in the form of a dropper, a self-contained program that extracts the other application components embedded within the ransomware package.
Luckily the program code is not obfuscated and was relatively easy for security pros to catalog and analyze as we try to better understand the…
deepfinds-blog · 6 years
U.S. charges North Korean operative in conspiracy to hack Sony Pictures, banks
The Justice Department announced charges Thursday against an alleged hacker for the North Korean government in connection with a series of cyberattacks including the 2014 assault on Sony Pictures Entertainment, marking the first time the United States has brought such charges against a Pyongyang operative.
Park Jin Hyok, officials said, is accused of being part of a conspiracy to hack on behalf…
investmart007 · 6 years
California News: North Korean Regime-Backed Programmer, Park Jin Hyok Charged in Conspiracy to Conduct Multiple Cyberattacks and Intrusions
New Post has been published on https://is.gd/SVImT7
North Korean Hacking Team Allegedly Responsible for WannaCry Ransomware, Destructive Cyberattack on Sony Pictures, and Cybertheft from Bangladesh Bank
Park Jin Hyok – COMPLAINT
LOS ANGELES, Ca. – A criminal complaint made public today charges a North Korean citizen for his involvement in a conspiracy to conduct a series of destructive cyberattacks around the world, which resulted in damage to massive amounts of computer hardware and extensive loss of data, money and other resources.
The complaint alleges that Park Jin Hyok (박진혁) was a member of a hacking team sponsored by the Democratic People’s Republic of Korea and known to the private sector as the “Lazarus Group.” Park allegedly worked for a North Korean government front company, Chosun Expo Joint Venture, which was also known as Korea Expo Joint Venture, or KEJV, to support the DPRK government’s malicious cyber actions.
The conspiracy’s malicious activities included the creation of the malware used in the 2017 WannaCry ransomware attack; the 2016 theft of $81 million from Bangladesh Bank; the 2014 attack on Sony Pictures Entertainment; and numerous other attacks or intrusions on the entertainment, financial services, defense, technology and virtual currency industries, as well as academia and electric utilities.
“The complaint charges members of this North Korean-based conspiracy with being responsible for cyberattacks that caused unprecedented economic damage and disruption to businesses in the United States and around the globe,” said First Assistant United States Attorney Tracy Wilkison. “The scope of this scheme was exposed through the diligent efforts of FBI agents and federal prosecutors who were able to unmask these sophisticated crimes through sophisticated means.
They traced the attacks back to the source and mapped their commonalities, including similarities among the various programs used to infect networks across the globe. These charges send a message that we will track down malicious actors no matter how or where they hide. We will continue to pursue justice for those responsible for the huge monetary losses and attempting to compromise the national security of the United States.”
“The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” said Assistant Attorney General for National Security John C. Demers. “The complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage.
The investigation, prosecution, and other disruption of malicious state-sponsored cyber activity remains among the highest priorities of the National Security Division and I thank the FBI agents, DOJ prosecutors, and international partners who have put years of effort into this investigation.”
“This complaint exposes a vast and audacious scheme by the North Korean government to utilize computer intrusions as a means to support the varied goals of their regime,” said Paul Delacourt, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “From computer network attacks on private entertainment companies and financial institutions, to the development of malware which crippled thousands of victims’ computer systems, North Korean cyber aggressions were pursued – and revealed – thanks to the thorough technical and collaborative work of Los Angeles-based FBI agents, computer scientists, federal prosecutors and intelligence analysts. The criminal complaint details key findings of a complex, multi-year investigation based on evidence collected within the U.S. and internationally.”
According to the allegations contained in the criminal complaint, which was filed on June 8 in United States District Court in Los Angeles and made public today, Park was a computer programmer who worked for over a decade for KEJV. The company had offices in China and the DPRK, and is affiliated with Lab 110, a component of DPRK military intelligence. In addition to the programming done by Park and his group for paying clients around the world, the conspiracy also engaged in malicious cyber activities.
Security researchers that have independently investigated these activities referred to this hacking team as the “Lazarus Group.” The conspiracy’s methods included spear-phishing campaigns, destructive malware attacks, exfiltration of data, theft of funds from bank accounts, ransomware extortion, and propagating “worm” viruses to create botnets.
The complaint describes a broad array of malicious cyber activities, both successful and unsuccessful, in the United States and abroad, with a particular focus on four specific examples.
Targeting the Entertainment Industry
In November 2014, the conspirators launched a destructive attack on Sony Pictures Entertainment (SPE) in retaliation for the movie “The Interview,” a comedy that depicted the assassination of the DPRK’s leader. The conspirators gained access to SPE’s network by sending malware to SPE employees, and then stole confidential data, threatened SPE executives and employees, and damaged thousands of computers.
Around the same time, the group sent spear-phishing messages to other victims in the entertainment industry, including a movie theater chain and a U.K. company that was producing a fictional series involving a British nuclear scientist taken prisoner in DPRK.
Targeting Financial Services
In February 2016, the conspiracy stole $81 million from Bangladesh Bank. As part of the cyberheist, the conspiracy accessed the bank’s computer terminals that interfaced with the Society for Worldwide Interbank Financial Telecommunication (SWIFT) communication system after compromising the bank’s computer network with spear-phishing emails, then sent fraudulently authenticated SWIFT messages directing the Federal Reserve Bank of New York to transfer funds from Bangladesh to accounts in other Asian countries.
The conspiracy attempted to and did gain access to several other banks in various countries from 2015 through 2018 using similar methods and “watering hole attacks,” attempting the theft of at least $1 billion through such operations.
Targeting of U.S. Defense Contractors
In 2016 and 2017, the conspiracy targeted a number of U.S. defense contractors, including Lockheed Martin, with spear-phishing emails. These malicious emails used some of the same aliases and accounts seen in the SPE attack, at times accessed from North Korean IP addresses, and contained malware with the same distinct data table found in the malware used against SPE and certain banks, the complaint alleges.
The spear-phishing emails sent to the defense contractors were often sent from email accounts that purported to be from recruiters at competing defense contractors, and some of the malicious messages made reference to the Terminal High Altitude Area Defense (THAAD) missile defense system deployed in South Korea. The attempts to infiltrate the computer systems of Lockheed Martin, the prime contractor for the THAAD missile system, were not successful.
Creation of Wannacry
In May 2017, a ransomware known as WannaCry 2.0 infected hundreds of thousands of computers around the world, causing extensive damage, including significantly impacting the United Kingdom’s National Health Service. The conspiracy is connected to the development of WannaCry 2.0, as well as two prior versions of the ransomware, through similarities in form and function to other malware developed by the hackers, and by spreading versions of the ransomware through the same infrastructure used in other cyber-attacks.
Park and his co-conspirators were linked to these attacks, intrusions, and other malicious cyber-enabled activities through a thorough investigation that identified and traced email and social media accounts that connect to each other and were used to send spear-phishing messages; aliases, malware “collector accounts” used to store stolen credentials; common malware code libraries; proxy services used to mask locations; and North Korean, Chinese and other IP addresses. Some of this malicious infrastructure was used across multiple instances of the malicious activities described in the complaint. Taken together, these connections and signatures – revealed in charts attached to the criminal complaint – show that the attacks and intrusions were perpetrated by the same actors.
Accompanying Mitigation Efforts
Throughout the course of the investigation, the FBI and the Justice Department provided specific information to victims about how they had been targeted or compromised, as well as information about the tactics and techniques used by the conspiracy with the goals of remediating any intrusion and preventing future intrusions. That direct sharing of information took place in the United States and in foreign countries, often with the assistance of foreign law enforcement partners.
The FBI also has collaborated with certain private cybersecurity companies by sharing and analyzing information about the intrusion patterns used by the members of the conspiracy. In connection with the unsealing of the criminal complaint, the FBI and prosecutors provided cybersecurity providers and other private sector partners detailed information on accounts used by the conspiracy in order to assist these partners in their own independent investigative activities and disruption efforts.
Park is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison. The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendant will be determined by the assigned judge.
The charges contained in the criminal complaint are merely accusations and the defendant is presumed innocent unless and until proven guilty.
In addition to the criminal charges, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) today designated Park and KEJV under Executive Order 13722 based on the malicious cyber and cyber-enabled activity outlined in the criminal complaint.
This matter is being prosecuted by Executive Assistant United States Attorney Stephanie S. Christensen, Assistant United States Attorney Anthony J. Lewis of the Terrorism and Export Crimes Section, Assistant United States Attorney Anil J. Antony of the Cyber and Intellectual Property Crimes Section, and DOJ Trial Attorneys David Aaron and Scott Claffee of the National Security Division’s Counterintelligence and Export Control Section. The Criminal Division’s Office of International Affairs provided assistance throughout this investigation, as did many of the FBI’s Legal Attachés, and foreign authorities around the world.
—–
SOURCE: news provided by JUSTICE.GOV on Thursday, September 6, 2018.
ddevices · 2 years
What is The Way That Ransomware's Evolution Altered The Threat Landscape
From WannaCry to Conti: A 5-Year Perspective
Five years ago, on May 12, 2017, the entire globe was struck by a massive ransomware attack known as WannaCry. It was a huge attack of a massive scale and it spread across the world in a ball of flames, with more than 200 000 Windows computers across 150 countries affected in a matter of days. The damage caused by the attack is estimated at billions of dollars.
In the month preceding the WannaCry attack, the hacker group known as "the Shadow Brokers" publicly leaked an exploit developed by the National Security Agency (NSA). The exploit, known as EternalBlue, was founded on a vulnerability in Windows SMB and allowed code execution on a remote computer. Although the patch had been released by Microsoft prior to the Shadow Brokers leak, a majority of machines across the globe remained unpatched, which in turn made them vulnerable and permitted EternalBlue to be a significant factor in the catastrophic success of WannaCry. Armed with a stupendous ability to move laterally, inspired by the leaked NSA software, the fundamental ransomware malware turned out to be one of the most successful cyberattacks ever.
Although not particularly vulnerable, some of the most prominent WannaCry victims were the UK's National Health Service (NHS), which was running a variety of susceptible equipment. The NHS was the most affected. The NHS was the only NHS trusts affected by the outbreak. The other major victims of the global epidemic were Spain's Telefonica telecom service, in addition to telecom companies, banking institutions, bankers, railway systems, and the Interior Ministry in Russia. Authorities, hospitals, and large corporations were all susceptible to the virus. The virus was wiped out by researchers after they turned off the "kill switch" which was embedded inside the malicious program. Although it didn't help security systems already in place, it drastically reduced the speed of spreading of the infection.
On the 18th day of December, 2017, the U.S. Government formally announced that it believed North Korea to be the main cause of the WannaCry attack, with Canada, New Zealand, Japan and the UK further confirming these assertions. In September 2018, the U.S. Department of Justice (DoJ) made it clear that it had filed the first formal charges against North Korean citizen Park Jin-Hyok. The DoJ said there was evidence to suggest that Park was a North Korean hacker working as part of a hacking organization that was known as the "Lazarus Group" and was also involved in the WannaCry attack, among other things.
It's not clear what the main purpose behind the WannaCry ransomware was. It was clearly created to steal cash from victims. The victims were forced to pay $300 within a period of seven days. The money was intended for Bitcoin at a time when cryptocurrency was a major draw to North Korea, as the U.S. was in the process of imposing international sanctions with the goal of removing the country from the world due to its nuclear program. The global impact of the attack, as well as other Lazarus Group regime-backed activities, however, suggests that aside from the financial aspect, the perpetrators were really seeking chaos through confusion, dismay, destruction, and chaos.
The WannaCry attack changed the security landscape not only because of its enormous impact, but also because of its massive impact on the cybersecurity landscape. It was the first massive multi-vectored cyberattack fueled by state-sponsored actors. It was a significant moment in the history of cybersecurity that inspired people around the world, and altered the entire landscape of security for the next five years.
In celebration of the fifth anniversary of the WannaCry attacks, Check Point has created the ransomware hub, which is filled with reports, blogs, podcasts, webinars and live video and information on ransomware attacks and the impact they have on
Ransomware as a means of actors of the state of the nation
It has been a topic of political debate from the beginning, the WannaCry attack was the catalyst for the idea of using ransomware to protect national security concerns. The end of summer 2017, just one month after an attack that was similar to the WannaCry attack, Ukraine suffered a catastrophic cyberattack, carried by NotPetya ransomware that seriously affected banks as the public transportation system and energy firms, as well as the public sector. The attack was carried out by Sandworm, a organization comprised of Russian security hackers belonging to the military, and was designed as an ultimatum to Ukraine in the long-running cyberwar Russia has engaged in against its neighbour in the south. After an attack it was realized that, from Ukraine the threat quickly became widely spread across the globe: Perhaps inspired by WannaCry's disastrous success, NotPetya was also using EternalBlue to propagate between computers, which accelerated its spread and caused harm. The malware was not designed for profit and spread quickly, but to expand and cause damage and harm, with a plausible explanation of a ransomware which affected victims were unable to access their information and the operation was stopped for a number of months. A number of large companies that are publicly traded have stated through their reports to the Securities and Exchange Commission that the attack caused them loss hundreds of millions of dollars worth of loss of business and recovery efforts including the world's biggest shipping company Maersk and the pharmaceutical giant Merck as well as several hospitals throughout the U.S.
In the year 2020, Iranian actors backed by the nation state began to add ransomware-related variants to their offensive activities. The ransomware-related attacks proved efficient tools for disrupting or undermining the victims. Between 2020 and 2121, around 6 Iranian threats, including MosesStaff, Pay2Key, Black Shadow and APT35, were identified to be ransomware-related variants. They targeted mainly the Iranian regime's most powerful adversaries, which include Israel and the U.S.
In the beginning of 2022 that coincided with the beginning of the war that was developing among Russia and Ukraine various cyber-attacks of technological nature were discovered that targeted Ukrainian people. Most notable among them utilized the wiper malware dubbed as "HermeticWiper" as well as the ransomware codenamed "HermeticRansom". The GoLang-based code and process are easy to understand and appear to have been developed in a hurry, which suggests it was designed to block users from accessing their personal information as well as to enhance the efficiency of cyber-attacks. HermeticRansom was employed in conjunction alongside HermeticWiper focused on government officials as well as financiers within Ukraine, Latvia, and Lithuania.
Because of the success of these operations that are subject to public scrutiny and the massive destruction of networks are the key to the success - we can confirm that WannaCry legacy lives on and well, and is promoting ransomware in sanctioned nations like North Korea and Iran, and with Russia as one of these countries at the moment. Ransomware is still a viable tool to accomplish their political goals no matter if it's creating harm or making ransom demands through cryptocurrency that is a tried and tested method of evading sanctions.
From drive-bys as with email-based spam to ransomware that impacts every domain
In the WannaCry period of 2017, ransomware was often spread via huge spam email campaigns and drive-by downloads that were facilitated by Exploit Kits meaning that anyone and anyone could become affected. Drive-by attacks allowed ransomware hackers to infect those who hadn't been to a compromised website before without taking any other action, heavily relying on non-patched browsers and plug-ins, like Internet Explorer and Adobe Flash to attack the victim effectively. Ransomware-related emails used social engineering methods to allow victims get ransomware. They were typically distributed via spam botnets. The most effective example of each method that uses "spray and hope" distribution was GandCrab ransomware, which whose administrators and affiliates made around 2 billion dollars of ransom as part of their various campaigns.
Since the introduction of anti-virus protection and the demise of exploit kits ransomware's distribution stopped and cybercriminals realized that one successful corporate victim could make the same amount as a plethora of non-corporate victims, with less effort. The spread of ransomware shifted from being a simple game of numbers, to more specific strategies toward "big game hunting" which is a procedure which allows sophisticated threat actors to discover and possibly buy the permission to access corporate organisations. This has resulted in hackers behind the most well-known malware families that started as trojans for banks , such ones like Emotet, Trickbot, Dridex, Qbot, and others have shifted the purpose of their botnets to search for potential targets for ransomware-related attacks.
Once the initial infection within corporate environments is identified the threat actors begin extensive searches and recon procedure focused on locating the most lucrative targets. Threat actors may spend days or even weeks seeking out compromised networks in order to identify assets of significant value, and then removing any backups accessible, thereby increasing the destruction. The rigors and complexity of such targeted attacks on organizations has turned ransomware attacks over the process over time to an company of that is their own. The most trusted ransomware organizations nowadays are not just an operational one which includes the creation of custom tools and infrastructure, but they also run an operational business , which focuses on the first entry into lucrative markets, evaluating the ability of the company to pay and gathering information on the victims all to boost the revenue they earn.
From a basic locker to a variety of
There was no demand for payment. WannaCry ransomware's demand was low for every victim. The ransomware demanded $300. Then it increased the amount to $600 if the payment was not completed within the first three days. Based on information from the public, the ransomware didn't work as a financial operation, with gains of about $143,000. As time passed, it became clear that the low payout rate wasn't solely a result of the WannaCry ransomware, but is also a problem with the whole ransomware business model.
In the years following, those who pose as threats started to develop new strategies to increase their earnings. They first tried shifting to corporate goals and later using more pressure on them to get them to pay. In 2020, the double-extortion method of ransomware was identified and, to this day, is widely accepted as a normal method in the field of ransomware. Double extortion ransomware is a multi-stage ransomware attack that combines traditional encryption of the victim's information along with the transfer of the victim's personal information from the company, via servers managed by an attacker. The attacker then informs victims that their data is accessible to them and threatens to release the stolen data to the general public if they are not paid within the stipulated timeframe. This puts pressure on victims to meet the demands of attackers, and places the victim at risk of being penalized by the data protection regulators. To make it more difficult for double extortion, several members of ransomware organizations have created shame blogs in which they share the names of the victims and sometimes details of people who do not pay the ransom.
To make things more complicated, close to the year 2020, the actors developed new strategies to exert more pressure on victims. They refer to it as "triple extortion", which is based on the risk of additional infrastructure damage, like DDoS attacks against the assets of victims until they settle, or threats to third parties. In October of 2020, Vastaamo hospital in Finland was the target. The Vastaamo healthcare facility in Finland discovered that it was among the victims of a one-year security breach that led to massive data loss for patients and the launching of a ransomware-based attack. In addition to the ransom demands made of the healthcare organization itself, the hackers issued smaller ransom demands to patients individually, and threatened the patients to divulge their personal notes from therapy sessions. The triple extortion technique was quickly used by other performers. The most well-known performer is the REvil group, which for instance provided their members with the capability to record voices encrypted VoIP communications to reporters and colleagues. They also employed third-party firms to intensify pressure on victims.
A problem in national security
The development of ransomware has always been designed to increase the ransomware's cost. Over time, they have realized the targets that have a higher image can fetch more. The years 2018-2019 were those in which the majority of governments weren't prepared to face the growing threat of ransomware, and ransomware gangs that were discovered among the general public, particularly at the state and municipality level, were the most targeted targets. Additionally, their businesses were destroyed by ransomware attacks. A few, like the US city of Baltimore, have had to battle ransomware attacks twice.
The growing stakes and increased awareness that the targeted organizations had reached were at their highest during the month of May 2021. This was due to the ransomware attack on Colonial Pipeline, which shut the biggest pipeline used for gasoline and jet fuel over vast areas of both the South and the East Coast and led to shortages of fuel. The incident, where the nation's infrastructure was seized by hackers, prompted authorities from the U.S. government and many other governments to change their attitude towards ransomware criminals. They moved away from preemptive or reactive measures to proactive offensive measures that targeted the perpetrators and their infrastructures and financial backing.
Following that, in the U.S., the Department of Justice (DoJ) has classified the ransomware threat as being a security risk to the country, putting it in the same category of danger as terrorist activities. The DoJ's Office of Foreign Assets Control (OFAC) has issued its first sanctions on the Russian-operated currency exchange SUEX that is involved in ransomware-related payment and also released an updated guidance on the dangers of sanctioning ransomware-related payment. In the months following that, there was a declaration by the European Union, and an additional 31 nations announced they would join in the fight to block other cryptocurrency exchanges to seek to stop the practice of laundering money, which is usually associated with ransomware. The next month, after ransomware was found, the Australian Government announced the "Ransomware Action Plan" which included the formation of a task force specifically for ransomware and severe sanctions for hackers who use ransomware.
This meant that there was more money to fight cybercrime, as well as a better collaboration across borders between police and government agencies. In the wake of the new law enforcement policy for combating ransomware many ransomware victims and their associates were detained in various countries. The most notable of these was the international joint operation that was conducted by Interpol named "Operation Cyclone" during November 2021. This operation led to the seizure of infrastructure, as well as the arrest of associates with money laundering who were associated with Cl0p the group that was the source of the Accellion breach that led to double and triple extortions until 2021. Furthermore, REvil was reprimanded by the U.S. Department of Justice along with other Federal agencies. Further action was taken against REvil. The actions included arrests of members as well as seizures from $6 million US dollars in ransom money and the confiscation of devices as well as an offer of bounty that was worth $10 million. The date was January 20 and 2022. The police from Russia announced that they'd destroyed the group of criminals called REvil and had indicted a few of the group's members. This was seen as an exceptional gesture of goodwill and also was a signpost to the beginning of a new era in the business of the ransomware.
Conclusion
In the last five years, ransomware-related attacks have traversed a long journey that spans from messy sprays , prayer emails to multi-million-dollar companies that conduct specific and controlled assaults against businesses in almost every geographical region, and within every sector. Western countries, who have had a long history of years ago, started to take this problem with seriousness. However, the ransomware industry is still thriving mainly due to the authorities in local jurisdictions who shut down the groups that are responsible for distributing ransomware, particularly in Eastern Europe. Because of the ongoing conflict within the area that is dividing Russia as well as Ukraine in the background the future of police cooperation between Russia and Western nations to combat this threat may not be as bright as it seemed just 2 months back. The ransomware shadow economy is entirely dependent on cryptocurrency and, as the war persists, the sanctions imposed upon US police U.S. against crypto crime continue to increase rapidly. In April 2022, OFAC was in a position to sanction Garantex which is a platform for exchange of virtual currency, and the largest and most crowded market for darknets Hydra Market. The two organizations are part of an international partnership to prevent the rise of cybercrime-related frauds as along with illegal drugs that pose a risk and other products.
DIGITAL DEVICES LTD
Long before Apple set the average consumer's mindset to replacing handheld gadgets every two years, Digital Devices Ltd believed in Moore's law that computing will double every two years. With our heritage from the days of the IBM Personal Computer XT, our founders have gone through the technology advancements of the 1990s and 2000s, realizing that technology is an instrumental part of any business's success. In such a fast-paced industry, an IT department can never be equipped with the tools and training needed to maintain its competitive edge. Hence, Digital Devices has put together a team of engineers and vendor partners to keep up with the latest industry trends and advise clients on the various solutions and options available to them. From forming close relationships with networking and storage vendors like Juniper, SolarWinds and VMWare to high-performance computing by HPE or AWS Cloud solutions, Digital Devices Limited offers the latest technology solutions to fit the ever-growing needs of the industry.
Our experts can guide you through the specifications and build cost efficiencies while providing high-end, state-of-the-art customer service. We research and analyse the market and its current demand and supply chain, offering a wide range of bulk supplies of products like AKG C414 XLII, Shireen Cables DC-1021, Shireen Cables DC-2021, Dell p2419h monitor, Dell U2419H, Dell P2719H, Dell P2219H, Lenovo 62A9GAT1UK, LG 65UH5F-H and complete IT infrastructure products and services.
jaguarmen99 · 6 years
Quote
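The U.S. government announced on the 6th that it had charged a North Korean programmer, who worked under a North Korean state-run company, over his involvement in several global hacking incidents that caused some of the most extensive damage of recent years. The person charged is Park Jin Hyok. The incidents in which the U.S. government says he was involved include the worldwide spread of the ransomware "WannaCry", the 2014 cyberattack on the major U.S. film studio Sony Pictures Entertainment, and the 2016 cyber-heist against Bangladesh's central bank. According to the U.S. Departments of Justice and the Treasury, Park was a member of the "Lazarus Group", the hacker group that masterminded these high-profile hacking incidents "on behalf of the North Korean government or the Workers' Party of Korea". The Justice Department charged Park with conspiracy to commit computer fraud and conspiracy to commit wire fraud. The Treasury Department also announced that it had imposed financial sanctions on Park and on the state-run company where he worked, "Chosun Expo Joint Venture". (c)AFP
U.S. charges North Korean programmer over suspected involvement in WannaCry and Sony attacks (3 photos), International News: AFPBB News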
arxsec · 6 years
Link
The DoJ said a DPRK spy, Park Jin-hyok, was involved in “a conspiracy to conduct multiple destructive cyberattacks around the world."
nknewsincn · 4 years
Text
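E-newsletter in 300 characters: "Little Fatty Kim's" new trick for making North Korea rich: stealing digital currency; $1.3 billion stolen in five years. The indictment states that North Korean national Park Jin Hyok sent spear-phishing emails in January and February 2020 to employees of the U.S. State Department and Defense Department, as well as of several U.S. technology companies, sometimes ... https://ift.tt/3aGlaii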
btchabercisi · 4 years
Text
US: Nigerian Instagram star helped North Korean hackers
The U.S. Department of Justice announced that a Nigerian national helped Jon Chang-hyok, Kim Vilayet and Park Jin-hyok, whom it accuses of attempting to steal $1.3 billion and cryptocurrency from banks and financial institutions while working for the North Korean government. The 37-year-old Instagram star Ramon Olorunwa Abbas, also known as 'Ray Hushpuppi', collaborated with the three hackers in question in their attempts in February 2019…
teneec · 4 years
Text
$1.3 billion heist attempt by North Korean hackers
The U.S. Department of Justice announced that charges have been filed against 3 hackers of North Korean nationality for attempting to steal more than $1.3 billion and digital cryptocurrency from banks in the country. According to the indictment in California, authorities say that the North Koreans in question, Jon Chang Hyok, Kim Il and Park Jin Hyok, targeted high-profile film studios and cryptocurrency traders with a high-level software program, and that North…
1suara · 4 years
Text
Trio of North Korean Hackers Attack the US, Make Off with Rp 18 Trillion
Technologue.id, Jakarta – Three hackers from North Korea have been charged by the United States over hacking allegations that caused losses to a number of companies. They are Jon Chang Hyok, Kim Il, and Park Jin Hyok. The three stole money in the form of cryptocurrency from targets ranging from banks to film studio companies, with total losses reaching US$1.3 billion, or around Rp18 trillion. Read…
xrpvibe · 4 years
Text
North Korean hackers indicted in US over stolen $1.3B in digital currencies, cash
The U.S. Department of Justice has unsealed an indictment charging three men with cyberattacks that led to the loss of $1.3 billion in cash and digital currencies. The DoJ identified the three suspects as part of a North Korean government’s elite group that targets financial institutions globally. In a press release, the DoJ alleged that the suspects—36-year-old Park Jin Hyok, 27-year-old Kim Il…
investmart007 · 6 years
Text
California News: North Korean Regime-Backed Programmer, Park Jin Hyok Charged in Conspiracy to Conduct Multiple Cyberattacks and Intrusions
New Post has been published on https://is.gd/SVImT7
North Korean Hacking Team Allegedly Responsible for WannaCry Ransomware, Destructive Cyberattack on Sony Pictures, and Cybertheft from Bangladesh Bank
Park Jin Hyok – COMPLAINT
LOS ANGELES, Ca. – A criminal complaint made public today charges a North Korean citizen for his involvement in a conspiracy to conduct a series of destructive cyberattacks around the world, which resulted in damage to massive amounts of computer hardware and extensive loss of data, money and other resources.
The complaint alleges that Park Jin Hyok (박진혁) was a member of a hacking team sponsored by the Democratic People’s Republic of Korea and known to the private sector as the “Lazarus Group.” Park allegedly worked for a North Korean government front company, Chosun Expo Joint Venture, which was also known as Korea Expo Joint Venture, or KEJV, to support the DPRK government’s malicious cyber actions.
The conspiracy’s malicious activities included the creation of the malware used in the 2017 WannaCry ransomware attack; the 2016 theft of $81 million from Bangladesh Bank; the 2014 attack on Sony Pictures Entertainment; and numerous other attacks or intrusions on the entertainment, financial services, defense, technology and virtual currency industries, as well as academia and electric utilities.
“The complaint charges members of this North Korean-based conspiracy with being responsible for cyberattacks that caused unprecedented economic damage and disruption to businesses in the United States and around the globe,” said First Assistant United States Attorney Tracy Wilkison. “The scope of this scheme was exposed through the diligent efforts of FBI agents and federal prosecutors who were able to unmask these sophisticated crimes through sophisticated means.
They traced the attacks back to the source and mapped their commonalities, including similarities among the various programs used to infect networks across the globe. These charges send a message that we will track down malicious actors no matter how or where they hide. We will continue to pursue justice for those responsible for the huge monetary losses and attempting to compromise the national security of the United States.”
“The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations,” said Assistant Attorney General for National Security John C. Demers. “The complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage.
The investigation, prosecution, and other disruption of malicious state-sponsored cyber activity remains among the highest priorities of the National Security Division and I thank the FBI agents, DOJ prosecutors, and international partners who have put years of effort into this investigation.”
“This complaint exposes a vast and audacious scheme by the North Korean government to utilize computer intrusions as a means to support the varied goals of their regime,” said Paul Delacourt, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “From computer network attacks on private entertainment companies and financial institutions, to the development of malware which crippled thousands of victims’ computer systems, North Korean cyber aggressions were pursued – and revealed – thanks to the thorough technical and collaborative work of Los Angeles-based FBI agents, computer scientists, federal prosecutors and intelligence analysts. The criminal complaint details key findings of a complex, multi-year investigation based on evidence collected within the U.S. and internationally.”
According to the allegations contained in the criminal complaint, which was filed on June 8 in United States District Court in Los Angeles and made public today, Park was a computer programmer who worked for over a decade for KEJV. The company had offices in China and the DPRK, and is affiliated with Lab 110, a component of DPRK military intelligence. In addition to the programming done by Park and his group for paying clients around the world, the conspiracy also engaged in malicious cyber activities.
Security researchers that have independently investigated these activities referred to this hacking team as the “Lazarus Group.” The conspiracy’s methods included spear-phishing campaigns, destructive malware attacks, exfiltration of data, theft of funds from bank accounts, ransomware extortion, and propagating “worm” viruses to create botnets.
The complaint describes a broad array of malicious cyber activities, both successful and unsuccessful, in the United States and abroad, with a particular focus on four specific examples.
Targeting the Entertainment Industry
In November 2014, the conspirators launched a destructive attack on Sony Pictures Entertainment (SPE) in retaliation for the movie “The Interview,” a comedy that depicted the assassination of the DPRK’s leader. The conspirators gained access to SPE’s network by sending malware to SPE employees, and then stole confidential data, threatened SPE executives and employees, and damaged thousands of computers.
Around the same time, the group sent spear-phishing messages to other victims in the entertainment industry, including a movie theater chain and a U.K. company that was producing a fictional series involving a British nuclear scientist taken prisoner in DPRK.
Targeting Financial Services
In February 2016, the conspiracy stole $81 million from Bangladesh Bank. As part of the cyberheist, the conspiracy accessed the bank’s computer terminals that interfaced with the Society for Worldwide Interbank Financial Telecommunication (SWIFT) communication system after compromising the bank’s computer network with spear-phishing emails, then sent fraudulently authenticated SWIFT messages directing the Federal Reserve Bank of New York to transfer funds from Bangladesh to accounts in other Asian countries.
The conspiracy attempted to and did gain access to several other banks in various countries from 2015 through 2018 using similar methods and “watering hole attacks,” attempting the theft of at least $1 billion through such operations.
Targeting of U.S. Defense Contractors
In 2016 and 2017, the conspiracy targeted a number of U.S. defense contractors, including Lockheed Martin, with spear-phishing emails. These malicious emails used some of the same aliases and accounts seen in the SPE attack, at times accessed from North Korean IP addresses, and contained malware with the same distinct data table found in the malware used against SPE and certain banks, the complaint alleges.
The spear-phishing emails sent to the defense contractors were often sent from email accounts that purported to be from recruiters at competing defense contractors, and some of the malicious messages made reference to the Terminal High Altitude Area Defense (THAAD) missile defense system deployed in South Korea. The attempts to infiltrate the computer systems of Lockheed Martin, the prime contractor for the THAAD missile system, were not successful.
Creation of WannaCry
In May 2017, a ransomware known as WannaCry 2.0 infected hundreds of thousands of computers around the world, causing extensive damage, including significantly impacting the United Kingdom’s National Health Service. The conspiracy is connected to the development of WannaCry 2.0, as well as two prior versions of the ransomware, through similarities in form and function to other malware developed by the hackers, and by spreading versions of the ransomware through the same infrastructure used in other cyber-attacks.
Park and his co-conspirators were linked to these attacks, intrusions, and other malicious cyber-enabled activities through a thorough investigation that identified and traced email and social media accounts that connect to each other and were used to send spear-phishing messages; aliases, malware “collector accounts” used to store stolen credentials; common malware code libraries; proxy services used to mask locations; and North Korean, Chinese and other IP addresses. Some of this malicious infrastructure was used across multiple instances of the malicious activities described in the complaint. Taken together, these connections and signatures – revealed in charts attached to the criminal complaint – show that the attacks and intrusions were perpetrated by the same actors.
Accompanying Mitigation Efforts
Throughout the course of the investigation, the FBI and the Justice Department provided specific information to victims about how they had been targeted or compromised, as well as information about the tactics and techniques used by the conspiracy with the goals of remediating any intrusion and preventing future intrusions. That direct sharing of information took place in the United States and in foreign countries, often with the assistance of foreign law enforcement partners.
The FBI also has collaborated with certain private cybersecurity companies by sharing and analyzing information about the intrusion patterns used by the members of the conspiracy. In connection with the unsealing of the criminal complaint, the FBI and prosecutors provided cybersecurity providers and other private sector partners detailed information on accounts used by the conspiracy in order to assist these partners in their own independent investigative activities and disruption efforts.
Park is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison. The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencings of the defendant will be determined by the assigned judge.
The charges contained in the criminal complaint are merely accusations and the defendant is presumed innocent unless and until proven guilty.
In addition to the criminal charges, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) today designated Park and KEJV under Executive Order 13722 based on the malicious cyber and cyber-enabled activity outlined in the criminal complaint.
This matter is being prosecuted by Executive Assistant United States Attorney Stephanie S. Christensen, Assistant United States Attorney Anthony J. Lewis of the Terrorism and Export Crimes Section, Assistant United States Attorney Anil J. Antony of the Cyber and Intellectual Property Crimes Section, and DOJ Trial Attorneys David Aaron and Scott Claffee of the National Security Division’s Counterintelligence and Export Control Section. The Criminal Division’s Office of International Affairs provided assistance throughout this investigation, as did many of the FBI’s Legal Attachés, and foreign authorities around the world.
—–
SOURCE: news provided by JUSTICE.GOV on Thursday, September 6, 2018.
bkmediablog · 4 years
Text
US Government Expands Charges Against North Korean Hackers- Authorities Describe Them as The 'World's Leading Bank Robbers' – Security Bitcoin News
The U.S. Department of Justice (DOJ) unsealed new charges against the North Korean state-sponsored Lazarus Group. The hackers are allegedly responsible for stealing over $1.3 billion in cryptocurrencies and fiat during coordinated cyber-heists. North Korean Hackers Also Developed and Deployed Malicious Crypto Apps According to the announcement, law enforcement expanded charges to Park Jin Hyok, a…
freenewstoday · 4 years
Photo
New Post has been published on https://freenews.today/2021/02/17/u-s-charges-3-north-koreans-with-hacking-and-stealing-millions-of-dollars/
U.S. Charges 3 North Koreans With Hacking and Stealing Millions of Dollars
WASHINGTON — The Justice Department on Wednesday unsealed charges against three North Korean intelligence officials accused of hacking scores of companies and financial institutions to thwart U.S. sanctions, illegally fund the North Korean government and control American corporations deemed enemies of the state, including Sony Pictures Entertainment.
The charges are the government’s latest effort to show that North Korea has engaged in a brazen, yearslong effort to undermine and attack institutions around the world and steal millions of dollars even as the United States and its allies intensify efforts to rein in the country and its nuclear ambitions.
One of the officials, Park Jin-hyok, a member of North Korea’s military intelligence agency, was accused by the Justice Department in 2018 of participating in the Sony hacking that crippled the company, as well as the WannaCry cyberattack on Britain’s National Health Service, and an attack on the Bangladeshi central bank and financial institutions around the world.
Building on that investigation, the Justice Department indicted Mr. Park and two more North Korean spies, Jon Chang-hyok and Kim Il, on charges related to those attacks, as well as new accusations that they tried to steal more than $1.3 billion in money and digital currencies from financial institutions and companies.
“Simply put, the regime has become a criminal syndicate with a flag, which harnesses its state resources to steal hundreds of millions of dollars,” John C. Demers, the head of the Justice Department’s National Security Division, said in a statement.
Prosecutors declined to say how much money the hackers actually obtained.
Separately, federal prosecutors charged Ghaleb Alaumary, 37, a dual citizen of the United States and Canada, with organizing a network of people in those countries to launder millions of dollars that the North Korean government obtained from the hackers. Mr. Alaumary pleaded guilty to the charge.
Wednesday’s broad indictment supports the findings of a report released this month by Recorded Future, a cybersecurity research group, that concluded that North Korea has greatly expanded its ability to use the internet to financially prop up its government even though the United States and its allies have choked off oil supplies and imposed strict sanctions on the country.
The report also found that North Korea has vastly improved its ability to steal cryptocurrencies like Bitcoin.
The charges illustrate just how adept Pyongyang has become at exploiting the world of such cryptocurrencies, as the value of Bitcoin has surpassed $50,000 and large corporations and financial institutions have begun to embrace digital currencies.
The Justice Department accused the intelligence officers of luring investors into a fake digital coin investment scheme, stealing cryptocurrencies from financial institutions, and creating malware to target cryptocurrency apps and take control of victims’ computers.
Mr. Jon and Mr. Kim were accused of working with Mr. Park to operate illegal hacking schemes from North Korea, China and Russia beginning as early as 2014, when they attacked Sony in retaliation for the company’s decision to make and release a movie, “The Interview,” that depicted a plot to assassinate Kim Jong-un, the leader of North Korea.
The disastrous attack wiped out 70 percent of the company’s computer capabilities, crippled operations and contributed to the resignation of the studio’s chairwoman, Amy Pascal.
After the Sony attack, prosecutors said, the three men used malware-laden phishing emails to gain access to Bangladesh Bank computers, which are connected to the global banking communication system, and ultimately direct the Federal Reserve Bank of New York to transfer money from Bangladesh Bank to accounts controlled by the hackers. They were able to steal only $81 million because an official at the reserve bank noticed that the word “foundation” was misspelled, scrutinized the transaction and halted the transfer of an additional $900 million, according to government documents in the case against Mr. Park.
The three men also used the crippling WannaCry malware to infiltrate and paralyze the British health care system’s computer network, according to court papers, and they tried to break into the computer networks of U.S. defense contractors.
Those schemes were largely known, as they made up the bulk of the charges against Mr. Park, which were unveiled three years ago.
But federal prosecutors also revealed new accusations that the hackers cashed out money from A.T.M.s, resulting in $6.1 million stolen from BankIslami Pakistan alone; that they used the WannaCry ransomware to extort money from victims after it was used against the British health system; and that they tried to break into energy, aerospace and technology companies and the State and Defense Departments, as recently as last year.
The hackers were accused of trying to steal more than $1.2 billion from banks around the world, most recently in 2019 when, prosecutors said, they infiltrated the computer systems of a bank in Malta and sent commands to transfer funds.
But some of their most notable schemes were cryptocurrency-related.
The three men allegedly created at least nine pieces of malware disguised as software used for trading or storing cryptocurrencies, giving them access to the computers of their victims. Last summer, they used one of those pieces of malware to steal about $11.8 million worth of cryptocurrency from an unspecified New York financial institution, which they also tried to extort.
They also created an initial coin offering — essentially an initial public offering to raise money for a new digital coin — for a digital token called Marine Chain Token that purportedly allowed investors to buy interest in shipping vessels. They were accused of using fake identities to pitch the potential investors in Singapore and planned to get approval to publicly trade the token in Hong Kong, never disclosing that the money raised from investors would actually be used to evade U.S. sanctions against North Korea, according to the indictment.
And they were charged with stealing tens of millions of dollars’ worth of cryptocurrency, including more than $111 million from companies in Slovenia, Indonesia and New York.
Mr. Demers said during a news conference that there was little chance that any of the men, who live in North Korea, would be arrested. But the Justice Department publicly revealed their identities and the accusations against them, he said, to show the public the seriousness of the threats from countries like North Korea. The department also wanted to demonstrate that it is able to identify the criminals behind cyberattacks and to warn those hackers and the countries that support them, he said.
“If the choice here is between remaining silent while we at the department watch nations engage in malicious, norms-violating cyberactivity, or charging these cases, the choice is obvious,” Mr. Demers said in a statement. “We will charge them.”
nknewsincn · 4 years
Text
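U.S. indicts three North Korean hackers over alleged theft of ten billion from banks and companies. The three indicted North Koreans are 36-year-old Park Jin Hyok, 31-year-old Jon Chang Hyok and 27-year-old Kim Il (all names transliterated). https://ift.tt/3ufFLBS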