The US Department of Justice has indicted what it claims is a North Korean spy over the WannaCry virus outbreak and the December 2014 attack on Sony Pictures Entertainment.
Park Jin Hyok works for North Korea's Reconnaissance General Bureau (RGB), the country's military intelligence agency, and is alleged to have been involved in a string of cyber attacks that have widely been attributed to North Korea's Lazarus Group - most notably, the attempted $951 million theft from Bangladesh Bank, as well as a string of attacks on banks around the world.
Most recently, the finger of blame was pointed at North Korea for the $13.5 million attack on India's Cosmos Cooperative Bank, in which the bank's ATM systems were compromised to enable associates around the world to withdraw more than $11 million from cash machines, with a further $2 million transferred via compromised SWIFT international payments systems.
Lazarus is an all-encompassing term for a group that security experts have identified via the trails they leave behind following cyber attacks. This evidence typically includes re-used attack tools and code, as well as similarities in terms of the way in which code is written and the Group's tactics. Lazarus has been active since at least 2007, but is believed to feature a shifting membership.
The DoJ claims that Park was in the US shortly before the 2014 attack on Sony Pictures Entertainment, but left the country just before it commenced.
"The subjects targeted individuals and entities associated with the production of The Interview [a film that lampooned North Korean leader Kim Jong-un] and employees of Sony Pictures Entertainment (SPE), sending them malware that the subjects used to gain unauthorised access to SPE's network. Once inside SPE's network, the subjects stole movies and other confidential information, and then effectively rendered thousands of computers inoperable," claims the indictment.
It also claims that Park and his group were behind the cyber heist at Bangladesh Bank, successfully stealing $81 million before the series of SWIFT transfers was stopped, as well as attacks on a series of other financial institutions around the world since 2015.
They have also targeted defence contractors, universities, technology companies, virtual currency exchanges and US electrical utilities.
The indictment also explicitly connects Park and, by extension, the North Korean government, to the creation and propagation of the WannaCry virus that crippled computers across the world in May 2017. The NHS was particularly badly affected, with the National Audit Office claiming that the monolithic organisation barely knew how to respond to the attack.
"While some of these computer intrusions or attempted intrusions occurred months or years apart, and affected a wide range of individuals and businesses, they share certain connections and signatures, showing that they were perpetrated by the same group of individuals (the subjects)," the indictment continues.
"For instance, many of the intrusions were carried out using the same computers or digital devices, using the very same accounts or overlapping sets of email or social media accounts, using the same aliases, and using the same cyber infrastructure, including the same IP addresses and proxy services."
Park, it adds, "was a programmer employed by the government of North Korea, and worked for Chosun Expo, a North Korean government front company affiliated with one of the North Korean government's hacking organizations, sometimes known as 'Lab 110', starting in at least 2002. Some programmers employed by Chosun Expo stationed abroad - including Park - did some work for paying clients on non-malicious programming projects.
"In particular, Park worked among a team of North Korean programmers employed by Chosun Expo in Dalian, China, who did programming and information technology projects for paying clients around the world, some of whom knew they were employing North Korean programmers.
"Although Park worked in China for at least some time between 2011 and 2013, he appears to have returned to North Korea by 2014, before the cyber-attack on Sony Pictures."
The indictment of Park not only firms up claims made over the years about the North Korean government's involvement in cyber crime, but also indicates that other individuals alleged to be behind the attack could be identified and outed by the DoJ.