North Korean hackers sanctioned, facing charges for Sony hack, Wannacry ransomware attack

Key Points
  • A North Korean hacker suspected of both the cyberattack on Sony Pictures in 2014 and the Wannacry ransomware attack in 2017 was criminally charged Thursday, as the Treasury Department sanctioned both the hacker and the North Korea entity he worked for.
  • The hacker, Park Jin Hyok, is suspected of working for North Korea's Reconnaissance General Bureau.
  • The hack on Sony Pictures came as a result of anger over the studio's film "The Interview," a comedy about a harebrained scheme to assassinate Kim Jong Un, the North Korean dictator.
Park Jin Hyok
Source: Justice Department

A North Korean hacker suspected of the cyberattack on Sony Pictures, the Wannacry ransomware attack and the brazen cyberheist of Bangladesh Bank was named in a criminal complaint revealed Thursday, as the Treasury Department sanctioned that man and a North Korea entity that employed him.

The hacker, Park Jin Hyok, is also suspected of trying to hack into Lockheed Martin's THAAD Missile defense system project currently deployed in South Korea. Park is suspected of working for North Korea's Reconnaissance General Bureau, a leading intelligence agency of that country.

The complaint against Park describes a "wide-ranging, multi-year conspiracy to conduct computer intrusions and commit wire fraud by co-conspirators working on behalf of the government of the Democratic People's Republic of Korea, commonly known as North Korea."

The one-two punch against North Korea came hours after President Donald Trump warmly thanked Kim Jong Un, the North Korean dictator, after Kim reportedly told representatives of South Korea that he still has faith in Trump and in their commitment to denuclearize the Korean Peninsula.


But the Treasury Department's statement announcing the actions Thursday said they were in direct response to "the Government of North Korea's malign cyber activities." The Treasury said the sanctions were being unveiled in conjunction with federal criminal charges for the hackers.

Park, who is a computer programmer, and the Chosun Expo Joint Venture both were hit with sanctions by the Treasury Department.

The Treasury said the joint venture, also known as Korea Expo Joint Venture, is "a front for the North Korean government," according to the Justice Department.

"The scale and scope of the cyber-crimes alleged by the complaint is staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations," said Assistant Attorney General for National Security John C. Demers.

"The complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars' worth of damage."

Park, who is not in custody, was charged with conspiracy and conspiracy to commit wire fraud by federal prosecutors.

The department said Park is part of the conspiracy responsible for the Wannacry and Sony attacks, as well as the February 2016 fraudulent transfer of $81 million from Bangladesh Bank.

Park and his unidentified co-conspirators "operated from North Korea, China, and elsewhere to perpetrate these malicious activities," according to the Treasury Department. The sanctions will bar Americans from dealing with Park or the joint venture. The sanctions also will lock up any property or interests held by the the targets of the sanctions.

Treasury Secretary Steven Mnuchin said, "We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions."

Pedestrians walk past Sony Pictures Studios in Los Angeles, Dec. 4, 2014.
Frederic J. Brown | AFP | Getty Images

"The United States is committed to holding the regime accountable for its cyber-attacks and other crimes and destabilizing activities," Mnuchin said.

The 2014 hack on Sony Pictures came as a result of anger over the studio's film "The Interview," a comedy about a harebrained scheme to assassinate Kim Jong Un.

The attack led to the release of thousands of emails and documents, and to the resignation of Sony Pictures Co-chair Amy Pascal, who had joked in emails about asking President Barack Obama about black-themed films.

Last December, then White House homeland security advisor Tom Bossert said North Korea was "directly responsible" for the Wannacry attack, which in May 2017 infected up to 300,000 computers in 150 countries with a virus. Among the victims were Britain's National Health Service, which had to close emergency rooms in a number of hospitals as a result.

The Treasury Department, in a press release, said, "North Korea has demonstrated a pattern of disruptive and harmful cyber activity that is inconsistent with the growing consensus on what constitutes responsible state behavior in cyberspace."

"Our policy is to hold North Korea accountable and demonstrate to the regime that there is a cost to its provocative and irresponsible actions."

North Korea has denied the allegations of hacking.

Correction: Sony Pictures was hacked in 2014. An earlier version misstated the year.