This undated photo published by the FBI shows Park Jin Hyok, a computer programmer accused of working at the behest of the North Korean government.
A computer programmer accused of working at the behest of the North Korean government was accused on Thursday of several high-profile cyber-attacks, including the Sony Pictures Entertainment hack and the WannaCry ransomware virus that affected hundreds of thousands of computers around the world.
Park Jin Hyok, who is believed to be in North Korea, conspired with others to carry out a series of attacks that also stole $ 81 million from a bank in Bangladesh, according to the criminal complaint by the Department of Justice.
The US government UU He thinks he was working for a piracy organization sponsored by North Korea and had he previously said that North Korea was responsible for Sony's 2014 hack.
That attack led to the publication of a treasure trove of confidential personal information about Sony employees, including Social Security numbers, financial records, salary information, as well as embarrassing emails among senior executives.
The trick included four Sony movies, including "Annie", and one that was in theaters, the Brad Pitt & # 39; Fury & # 39; movie, and cost the company tens of millions of dollars.
The FBI had long suspected that North Korea was also behind last year's WannaCry cyber attack, which used malware to encode data in hospitals, factories, government agencies, banks and other companies around the world.
"This was one of the most complex and long cybernetic investigations that the department has carried out," said John Demers, assistant general counsel for national security.
US Attorney, Tracy Wilkison, announces a criminal complaint against Park Jin Hyok in Los Angeles on Thursday
Sony was hacked in 2015, which led to the publication of a treasure trove of confidential personal information about Sony employees, including Social Security numbers, financial records, salary information, as well as embarrassing emails among top executives.
US officials believe Sony's hack was a retribution for & # 39; The Interview & # 39 ;, a comedy film starring Seth Rogen and James Franco and focused on a plan to assassinate North Korea's leader, Kim Jong Un .
Sony canceled the theatrical release of the film amid threats for moviegoers, but launched it online through YouTube and other sites.
A Sony spokeswoman declined to comment on Thursday. Attempts by The Associated Press to reach the alleged hacker were not immediately successful. Two Gmail addresses identified in the FBI in the complaint were listed as disabled.
Among the emails launched in the hack was an exchange between Amy Pascal, then co-chair of the study, and the producer of The Social Network, Scott Rudin, where they joked about what might be favorite movies of then-President Barack Obama, listing & # 39; 12 Years a Slave & # 39; and movies of black comedian Kevin Hart.
The couple apologized. Pascal left his job months later.
In addition to targeting Sony, hackers sent spear phishing emails to employees of AMC Theaters, who had planned to shoot the film, and to a British company that produced a fictional television about a scientist held prisoner in North Korea, officials said. .
The hackers used the same aliases and accounts of the Sony attack when they sent spear-phishing emails to several US defense contractors. UU., Including Lockheed Martin and others in South Korea, authorities said.
The criminal complaint, filed in Los Angeles, alleges that the hackers committed several attacks from 2014 to 2018. The investigation continues.
"The criminal behavior outlined in this case is intolerable," said Tracy Wilkison, the first assistant US attorney in Los Angeles. "The conspiracy backed by North Korea sought to crush freedom of expression in the US and in the UK, robbed banks around the world and created indiscriminate malware that paralyzed computers and disrupted the delivery of medical care."
This wanted poster published by the FBI shows a picture of Park Jin Hyok believed to be in North Korea
Cybersecurity experts have said that parts of the WannaCry program use the same code as the malware previously distributed by the hacker group known as Lazarus Group, which is believed to be responsible for the Sony hack.
The indictment said that Park was part of a team of programmers who employed an organization called Chosun Expo that operated from Dalian, China, and that the FBI described as "a government front company."
A website registered in North Korea with the name of that company described Chosun Expo as the "first Internet company" in the country, stating that it was established in 2002 and hired 20 young graduates from institutions such as Kim Il Sung University, Kimcheon Industrial University and the Pyongyang University of Art.
A 2015 version of the company's website said it focused on games, gambling, electronic payments and image recognition software. It seemed in many ways like a typical technology company, which prided itself on its "pioneer" IT talent and customer satisfaction. In July 2016, according to the records of Internet archives, the company stopped using the reference to North Korea from its home page.
Park Jin Hyok is accused in connection with several high-profile cyber-attacks, including the Sony Pictures Entertainment hack and the WannaCry ransomware virus that affected hundreds of thousands of computers around the world
Some time later, the site disappeared from the web.
The emails sent to the generic email address of Chosun Expo and the original website registrant, whose name was given as Won Sun Chol, were not sent again.
It is the first time that the Justice Department has filed criminal charges against a hacker who is said to be from North Korea. In recent years, the department has accused hackers from China, Iran and Russia in the hope of publicly shaming other countries for sponsoring cyberattacks on US corporations.
In 2014, for example, the Obama administration accused five Chinese military hackers of a series of digital thefts in US companies, and last year, the Department of Justice accused Russian hackers of an intrusion into Yahoo Inc.
The Treasury Department also added Park Jin Hyok's name to its sanctions list, which prohibits banks doing business in the United States from providing accounts to him or Chosun Expo.
It is unlikely that he will be extradited because the US UU They have no formal relations with North Korea and the North Korean government was not notified about the charges.