Financial Crime World

North Korean Hackers Charged with Extortion and Cybercrime Scheme

A trio of North Korean hackers was charged on Tuesday with a global extortion and cybercrime scheme that stole tens of millions of dollars’ worth of cryptocurrency and sensitive data from hundreds of companies around the world.

The Scheme

According to an indictment filed in the U.S. District Court in Los Angeles, the three defendants - Jon, Kim, and Park - were members of units of the Reconnaissance General Bureau (RGB), North Korea’s premier intelligence agency. They worked with a money launderer, Ghaleb Alaumary, to carry out the scheme from March 2016 through September 2020.

Malicious Cryptocurrency Applications

The hackers developed and deployed multiple malicious cryptocurrency applications, including:

  • Celas Trade Pro
  • WorldBit-Bot
  • iCryptoFx
  • Others

These applications provided them with a backdoor into their victims’ computers. They used these applications to target hundreds of cryptocurrency companies, stealing tens of millions of dollars’ worth of cryptocurrency.

Notable Cases

In one notable case, the hackers stole $75 million from a Slovenian cryptocurrency company in December 2017. In another, they stole $24.9 million from an Indonesian cryptocurrency company in September 2018. They also targeted financial services companies, including one in New York that lost $11.8 million to the hackers.

Spear-Phishing Campaigns and Token Sales

In addition to their cryptocurrency heists, the hackers conducted spear-phishing campaigns against employees of U.S. cleared defense contractors, energy companies, and technology firms. They also developed and marketed a token called Marine Chain Token, which was used to secretly obtain funds from investors and evade U.S. sanctions.

Money Laundering

Alaumary, a 37-year-old Canadian national, agreed to plead guilty to his role in laundering millions of dollars obtained through the scheme. He worked with Ramon Olorunwa Abbas, aka “Ray Hushpuppi,” to launder funds from a North Korean-perpetrated, cyber-enabled heist against a financial services company.

Seized Cryptocurrency

The FBI and U.S. Secret Service seized cryptocurrency stolen by the hackers from a victim in New York, worth approximately $1.9 million. The money will be returned to the victim.

Charges and Sentencing

The defendants are charged with:

  • One count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison.
  • One count of conspiracy to commit wire fraud and bank fraud, which carries a maximum sentence of 30 years in prison.

Investigation and Prosecution

The investigation was led by the FBI’s Los Angeles Field Office, which worked closely with the FBI’s Charlotte Field Office, U.S. Secret Service, and other agencies around the world. The case is being prosecuted by Assistant U.S. Attorneys Anil J. Antony and Khaldoun Shobaki of the Cyber and Intellectual Property Crimes Section.

Presumption of Innocence

The charges are merely accusations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt.