The Justice Department has officially indicted a North Korean agent for both the devastating cyberattacks on Sony Pictures in 2014 and the worldwide "WannaCry" ransomware attack of May 2017. This historic indictment marks the first time the United States has brought direct charges against a Pyongyang operative.
The indicted individual is identified as Park Jin Hyok, a North Korean computer programmer. According to the Justice Department, he participated in the data theft and 'wiper' attacks on Sony Pictures on behalf of the Reconnaissance General Bureau. The RGB is a clandestine military intelligence agency that oversees "Unit 121" and "Lab 110", North Korea's cyber warfare units.
Park is charged with conspiracy and conspiracy to commit wire fraud. He and other unidentified operatives are accused of being members of the Lazarus Group, which also has been implicated in the ambitious attempt to steal $1 billion from the Bangladesh Bank in 2016 (they still got away with $81 million), and to the infamous WannaCry 2.0 ransomware virus that affected more than 230,000 computers in 150 countries last year.
Worried about ransomware attacks on your home or business?
According to the indictment, Park worked for Chosun Expo Joint Venture, an alleged North Korean government front company based both in North Korea and China. Park and others associated by Chosun Expo are alleged to have carried out attacks on US defense contractors, financial institutions university faculty, technology companies, virtual currency exchanges, and US electric utilities.
The United States wasn't the only country rocked by WannaCry and related attacks. Naturally, the DPRK targeted many South Korean institutions, and the British National Health service was also significantly disrupted by ransomware attacks, putting many lives at risk. US intelligence was able to identify Park through email accounts at Chosun Expo under his own name that were used to sign up to services related to the hacking operations.
Will there be a new WannaCry?
By divulging this information, the Justice Department clearly wants to send a message to enemies and allies alike that the US is capable to identifying and countering the perpetrators of cyberattacks, but it remains to be seen just how much more information will become public.
This could be an awkward look for sitting US President Donald J Trump, who last week stressed a friendly relationship between the USA and DPRK, praising North Korean ruler Kim Jong Un on Twitter:
Kim Jong Un of North Korea proclaims “unwavering faith in President Trump.” Thank you to Chairman Kim. We will get it done together!— Donald J. Trump (@realDonaldTrump) September 6, 2018
For the rest of us, the scale and scope of the North Korean cyberattacks, particularly those of the WannaCry ransomware, should be a cautionary tale. Shots have been fired, but the next stages of the information war still lie ahead.
What do you think the US should do to protect citizens from cyberattacks? Do you use your own ransomware protection?