The US has named and indicted two more members of the infamous North Korean military hacking group known as Lazarus, which it said is responsible for stealing over $1.3bn from various entities.
A federal indictment unsealed yesterday named three members of the Reconnaissance General Bureau (RGB), North Korea's military intelligence agency, whose hacking units are tracked as Lazarus and APT38.
Park Jin Hyok, 36, was previously charged in a criminal complaint unsealed in 2018, and is now joined by Jon Chang Hyok, 31, and Kim Il, 27.
The Department of Justice (DoJ) claimed the three were involved in some of the group’s most audacious campaigns, including: attacks on Sony Pictures Entertainment and AMC Theaters, cyber-heists targeting SWIFT transfers at Bangladesh Bank and other financial institutions, and the creation of WannaCry.
They’re also accused of ATM cash-out thefts, including the $6.1m October 2018 raid on BankIslami Pakistan; of creating and deploying malicious cryptocurrency apps that gave the group backdoor access to victims’ machines; and of stealing tens of millions of dollars from cryptocurrency companies.
The trio were named as conspirators in spear-phishing campaigns targeting multiple US government, energy, defense, tech and aerospace organizations, and the development of a Marine Chain Token designed to secretly funnel investor funds to the Hermit Kingdom.
Prosecutors also unsealed one charge against Ghaleb Alaumary, 37, of Mississauga, Ontario, for his role as a money launderer for North Korean schemes including the above ATM cash-outs, BEC attacks and other fraud. Alaumary has already pleaded guilty and is currently being prosecuted in Georgia for involvement in a separate BEC scheme.
He is said to have organized “teams” of co-conspirators in the US and Canada to launder millions for the Kim Jong-un regime.
The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released further information on the malicious cryptocurrency apps mentioned above.
The malware, tracked as AppleJeus, poses as a legitimate cryptocurrency trading platform but is actually designed to give the attackers access to the victim’s machine and steal cryptocurrency; it has been in use since 2018.
Source: Infosecurity Magazine