The US Department of Justice (DOJ) has brought charges for the first time against a North Korean hacker.
The target: Park Jin Hyok is accused of being part of the Lazarus Group, a hacker collective that does the bidding of North Korea’s military intelligence agency. According to the DOJ’s complaint, the North Korean agent worked through a front company called Chosun Expo Joint Venture and operated out of both North Korea and China.
His targets: The Lazarus Group launched a high-profile cyberattack on Sony Pictures Entertainment, which was targeted in 2014 after putting out a film called The Interview that made fun of North Korea’s leader, Kim Jong-Un. Investigators believe it also pulled off an $81 million cyberheist and created WannaCry 2.0, a ransomware program that causes havoc by encrypting data and freezing computers.
A growing list: The DOJ seems to be increasingly willing to name and shame nation-state hackers. Earlier this year, Special Counsel Robert Mueller indicted 11 Russians accused of meddling in the 2016 US presidential election, and the department has called out Chinese hackers for stealing intellectual property.
But will it change things? Unlikely. Sure, the people fingered won’t be able to visit the US for a vacation any more, but that wasn’t going to happen anyway. And hacking’s a low-cost way of stealing secrets and disrupting elections, so the countries in question won’t stop using it as a strategy. North Korea already has other groups operating in addition to Lazarus. But the indictments do signal that America takes this stuff seriously, and that intelligence and law enforcement agencies aren’t asleep at the cyber wheel.