US indicts North Korean hackers for illicit shipping cyber scheme

The indictment expands upon the FBI’s 2018 charges for the unprecedented cyberattacks conducted by the North Korean regime, said the FBI Deputy Director Paul Abbate.

The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering, states Acting U.S. Attorney Tracy L. Wilkison for the Central District of California.

The hacking indictment filed in the U.S. District Court in Los Angeles alleges that the three North Korean computer programmers, were members of units of the Reconnaissance General Bureau (RGB), a military intelligence agency of the Democratic People’s Republic of Korea (DPRK), which engaged in criminal hacking. These North Korean military hacking units are known by multiple names in the cybersecurity community, including Lazarus Group and Advanced Persistent Threat 38 (APT38).

The indictment claims a broad array of criminal cyber activities undertaken by the conspiracy, in the United States and abroad, for revenge or financial gain. Among the schemes alleged, one regarded the development and marketing in 2017 and 2018 of the Marine Chain Token to enable investors to purchase fractional ownership interests in marine shipping vessels, supported by a blockchain. This would allow the DPRK to secretly obtain funds from investors, control interests in marine shipping vessels, and evade U.S. sanctions.

While these defendants were part of RGB units that have been referred to by cybersecurity researchers as Lazarus Group and APT38, the indictment alleges that these groups engaged in a single conspiracy to cause damage, steal data and money, and otherwise further the strategic and financial interests of the DPRK government and its leader, Kim Jong Un.