In an indictment unsealed in California, authorities described a range of brazen operations carried out by the trio from 2014 to 2020, targeting high-profile movie studios and cryptocurrency traders with sophisticated technology that national security officials said underscored the country's status as a leading cybercrime threat.
Members of a military intelligence agency, the three hackers are accused of carrying out the 2014 attack on Sony in retaliation for a movie that lampooned the North Korean leader, as well as a devastating hit on the central bank of Bangladesh in 2016, which netted the rogue nation some $81 million.
They're also said to have orchestrated digital heists of cryptocurrency and intrusions of ATMs using novel strains of malware.
"As laid out in today's indictment, North Korea's operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world's leading bank robbers," said John Demers, the head of the Justice Department's National Security Division, at a news conference.
Jon Chang Hyok, Kim Il, and Park Jin Hyok are believed to be in North Korea, according to Kristi Johnson, the assistant director in charge of the FBI's Los Angeles field office. Prosecutors in 2018 first charged Park in relation to the Sony and Bangladesh bank hacks.
According to the indictment, the three were stationed at times in countries outside North Korea, including Russia and China.
As Western sanctions have crippled the North Korean economy, the Justice Department has warned that the country is developing some of the most advanced capabilities to steal money online, distinguishing it from other US adversaries across the globe.
"The scope of these crimes by the North Korean hackers is staggering. They are the crimes of a nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime," said Tracy Wilkison, the acting US attorney in Los Angeles.
Officials acknowledged Wednesday that the new charges and wanted posters distributed by the FBI online are not likely to result in the arrest of the hackers, but national security officials favor publicizing charges like these as part of a "name and shame" campaign that draws attention to the issue and serves as a warning to hackers that authorities are watching.
The FBI and Department of Homeland Security also on Wednesday released a joint advisory and analysis of some of the malware produced and deployed by the North Koreans in their cryptocurrency heists. Authorities said the release was designed to provide the public with information on how to avoid intrusions and remedy any infections.
The unsealing of the indictment was timed to coincide with the announcement of a plea deal reached in a related case involving a Canadian-American citizen who allegedly laundered money for the North Korean hackers, Justice Department officials said.
Ghaleb Alaumary was a high-level and trusted money launderer for the North Koreans who, according to a plea agreement, conspired to steal and launder tens of millions of dollars from cyber bank heists.
Alaumary and others laundered the money through bank accounts and wire transfers and by converting it to cryptocurrency, according to Jesse Baker, special agent in charge of the Secret Service's Los Angeles field office.
"This laundering was sophisticated and really extensive, but these methods left an information trail. We really had to collect the dots in order to connect the dots," Baker said.