The US justice department has charged an alleged North Korean spy with a host of high-profile cyberattacks, including the $81 million Bangladesh Bank hack.
In a criminal complaint unsealed on Thursday, Park Jin Hyok was charged with involvement in the North Korean government-sponsored hacking team known as 'Lazarus Group' linked to the 2017 WannaCry 2.0 global ransomware attack, the 2016 Bangladesh Bank theft, and the 2014 hit on Sony Pictures Entertainment, among others.
Lazarus, and North Korea, have long been linked with the Bangladesh Bank attack, which saw hackers use the Swift messaging system to convince the Federal Reserve Bank of New York to transfer $81 million from the victim's account to accounts they controlled in the Philippines.
The DoJ complaint alleges that the group attempted to and did gain access to several other banks - including in Vietnam, the Philippines, Africa and Southeast Asia - from 2015 through 2018 using similar methods and “watering hole attacks,” attempting the theft of at least $1 billion.
Assistant Attorney General Demers says: "The Complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage."
Park is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years.
However, the US has no formal relations with North Korea, meaning Park is unlikely to ever face an American courtroom.