Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe
2021-02-17 • USJustice
Attachments
dprk_hacking_-_indictment_0_0.pdf (327 KB)
The U.S. Justice Department indictment alleged that three North Korean programmers linked to the Reconnaissance General Bureau (RGB), associated in security reporting with Lazarus Group and APT38, conducted a long-running conspiracy spanning destructive attacks, financial theft, extortion, and cryptocurrency operations. The charged activity included the Sony Pictures attack, attempted SWIFT-enabled bank thefts exceeding $1.2 billion, FASTCash ATM cash-outs, WannaCry 2.0, ransomware/extortion schemes, and malicious cryptocurrency applications used as backdoors. The indictment also described targeting of cryptocurrency companies, including thefts from Slovenian, Indonesian, and New York financial or crypto entities, plus spear-phishing against U.S. defense, energy, aerospace, technology, State Department, and Defense Department personnel. A related case charged a money launderer who allegedly helped move proceeds from North Korean ATM cash-out and cyber-enabled bank-heist operations, underscoring the operational link between DPRK intrusion activity and financial laundering infrastructure.