The U.S. Justice Department today indicted three North Korean nationals for their alleged role in the hacking and ransomware attacks that targeted cryptocurrency exchanges, banks and the entertainment industry among others.

Jon Chang Hyok, Kim Il and Park Jin Hyok are accused of being members of the Reconnaissance General Bureau, a military intelligence agency of North Korea that engaged in criminal hacking. The North Korean military hackers are also known by several other names, including the Lazarus Group and Advanced Persistent Threat 38.

The Justice Department alleges that the three were involved in the hack of Sony Pictures Entertainment in 2014 as well as attempts from 2015 to 2019 to steal more than $1.2 billion from banks through sending fake Society for World Interbank Financial Telecommunications messages. Justice also cited a raft of other hacks: ATM cash-out schemes, the creation and distribution of the WannaCry 2.0 ransomware in 2017 and subsequent extortion of companies through 2020, the deployment of malicious cryptocurrency applications, the targeting and theft of cryptocurrency from a number of exchanges, so-called spear-phishing campaigns that targeted U.S. government employees as well as energy, aerospace and defense companies, and finally the development of Marine Chain Token, a token that went through an initial coin offering in breach of U.S. sanctions.

In addition to the indictment, Justice also unsealed a charge against Ghalen Alaumary, a Canadian resident accused of operating as a money launderer for the North Korean conspiracy.

“The ongoing targeting, compromise and cyber-enabled theft by North Korea from global victims was met with the outstanding, persistent investigative efforts of the FBI in close collaboration with U.S. and foreign partners,” Federal Bureau of Investigation Deputy Director Paul Abbate said in a statement. “By arresting facilitators, seizing funds and charging those responsible for the hacking conspiracy, the FBI continues to impose consequences and hold North Korea accountable for its/their criminal cyber activity.”

Kevin Dunne, president at application governance platform provider Greenlight Technologies Inc. told SiliconANGLE that the indictment is a reminder that bad actors always find creative ways to gain access to the systems where they reside.

“Typically, the greater the number of digital assets you have at risk, the greater the reward for bad actors, explaining why many large multi-national corporations were a prime target of these attacks,” Dunne said. “Any company with valuable digital assets at risk needs to operate with the mindset that bad actors will gain access to their systems at some point. Companies should invest in a comprehensive approach to implement zero-trust security, therefore limiting the damage hackers can cause once they gain access.”

Tim Wade, technical director for the Chief Technology Officer Team at Vectra AI Inc., noted that private-sector organizations in many industries will continue to be targeted by nation-state actors whose resources to attack may exceed their resources to defend against them.

“As such, attempting to play a symmetrical game of preventative controls against an asymmetrical adversary is a losing proposition,” ” Wade added. ” The key for modern network defenders is evolution past prevention objectives into strategic resilience objectives – where the balance tips back in the favor of the defender by focusing on cost-effectively diminishing impact through broadening detection, response and recovery capabilities.”

Photo: fljckr/Flickr