North Korean charged over involvement in WannaCry attack

Park Jin Hyok, a North Korean programmer, is accused of being a member of the network – known as the Lazarus Group – that created the WannaCry ransomware and conducted global attacks on the entertainment and financial sectors.   

As well as organisations in more than 100 countries, WannaCry severely disrupted 48 NHS trusts across the UK.  

The charges against Mr Jin Hyok are the result of evidence obtained by the National Crime Agency’s (NCA’s) cyber crime unit, which linked the attack to others already under investigation by the FBI. 

According to the US Department of Justice, Mr Jin Hyok was an employee of a government-owned company named Chosun Expo Joint Venture. 

Investigators say Chosun Expo was initially a joint project between the South and North Korean governments and was meant to be an e-commerce and lottery website.  

However, South Korean officials pulled out of the deal, while the North Korean government continued to manage the company through various individuals.  

Despite Mr Jin Hyok’s attempts to mask his real name, emails and IP addresses, investigators eventually uncovered links to his ‘real-world account’.  

Working with Regional Organised Crime Units, Europol, industry partners and the National Cyber Security Centre, the NCA collated and shared evidence with the FBI to support the charges against Mr Jin Hyok.  

Senior Investigating Officer Paul Hoare, of the NCA, said: “Colleagues in the FBI have opened charges against a single defendant alleged to be involved in a conspiracy to conduct high profile cyber attacks – including creating the WannaCry ransomware – that affected the NHS and many other organisations in the UK.”  

He said the charges, made on Thursday (September 6), were “the culmination of extended and complex inquiries made by the NCA and law enforcement partners in the United States.  

“We have worked closely with the NCA Cyber Security Industry Group in the UK, and their invaluable contribution helped us produce key evidence to support the charges,” added Mr Hoare.  

NCA Director-General (Operations) Steve Rodhouse said: “The ransomware attacks that affected the UK appear to be part of a series, and it’s right that they are prosecuted together to show the full scale of offending.  

“The collaboration between UK and US law enforcement has been strong and effective and these charges show that we will not tire in our efforts to identify those who believe they can hide behind a computer and cause havoc across the world, regardless of their motivation or status  

“The past year has shown that cyber attacks have real-world consequences and can cause enormous reputational and financial damage to businesses of all sizes. The Wannacry attack highlighted that cybercrime affects not just the country’s prosperity and security, but also affects our everyday way of life. 

“The distinction between nation states and criminal groups in terms of cybercrime is becoming frequently more blurred and today’s charges are a significant step forward in our investigation.”