Skip to Content

America to North Korea: We’ve spied your hacking spy

September 6, 2018

The US Department of Justice (DOJ) has brought charges for the first time against a North Korean hacker.

The target: Park Jin Hyok is accused of being part of the Lazarus Group, a hacker collective that does the bidding of North Korea’s military intelligence agency. According to the DOJ’s complaint, the North Korean agent worked through a front company called Chosun Expo Joint Venture and operated out of both North Korea and China.

His targets: The Lazarus Group launched a high-profile cyberattack on Sony Pictures Entertainment, which was targeted in 2014 after putting out a film called The Interview that made fun of North Korea’s leader, Kim Jong-Un. Investigators believe it also pulled off an $81 million cyberheist and created WannaCry 2.0, a ransomware program that causes havoc by encrypting data and freezing computers.

A growing list: The DOJ seems to be increasingly willing to name and shame nation-state hackers. Earlier this year, Special Counsel Robert Mueller indicted 11 Russians accused of meddling in the 2016 US presidential election, and the department has called out Chinese hackers for stealing intellectual property.

But will it change things? Unlikely. Sure, the people fingered won’t be able to visit the US for a vacation any more, but that wasn’t going to happen anyway. And hacking’s a low-cost way of stealing secrets and disrupting elections, so the countries in question won’t stop using it as a strategy. North Korea already has other groups operating in addition to Lazarus. But the indictments do signal that America takes this stuff seriously, and that intelligence and law enforcement agencies aren’t asleep at the cyber wheel.


Deep Dive


Everything dies, including information

Digitization can help stem the tide of entropy, but it won’t stop it.

What’s next in cybersecurity

“When it comes to really cutting off ransomware from the source, I think we took a step back.”

Moving money in a digital world

Security is the critical element to expanding digital-first payments.

Cyber resilience melds data security and protection

Organizations face pervasive and sophisticated cyberattacks, but modern data protection techniques can provide a multifaceted defense.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.