Federal prosecutors in Los Angeles Thursday announced criminal charges against a North Korean national who allegedly led a government-sponsored 2014 hacking attack on Sony Pictures Entertainment that led to the release of thousands of studio emails and financial documents.

Park Jin Hyok, a computer programmer, worked for a company known as Korea Expo Joint Venture, which prosecutors contend is a front for a North Korean government-led hacking operation. In addition to the attack on Sony — which was in retaliation for the studio’s release of the comedy “The Interview,” about a assassination plot against North Korean leader Kim Jong Un — the hacking team also allegedly orchestrated the 2016 theft of $81 million from Bangladesh Bank, according to the U.S. Attorney’s Office.

The criminal complaint against Hyok was filed June 8 in U.S. District Court in Los Angeles, but was publicly announced Thursday. Prosecutors allege Hyok was a member of a hacking team known as the “Lazarus Group” that engaged in so-called “spear-phishing” hacks, malware attacks, bank account thefts, ransomware extortion and the spreading of “worm” viruses.

Hyok allegedly worked with the Korea Expo Joint Venture for more than a decade. Prosecutors said the firm had offices in China and North Korea and was affiliated with “Lab 110,” an arm of North Korean military intelligence.

The Sony hacking attack in 2014 was attributed at the time to a group calling itself “Guardians of Peace.” The hackers demanded that Sony cancel the release of “The Interview,” starring Seth Rogen and James Franco, and threatened violence against theaters that showed the film, prompting many cinemas to cancel engagements of the movie. Sony eventually opted not to release the film in theaters, releasing it instead via digital downloads.

The hackers made public thousands of emails of Sony executives, including some embarrassing and racially insensitive exchanges that ultimately led to the resignation of studio head Amy Pascal.

Park is charged with one count of conspiracy to commit computer fraud and abuse, which carries a maximum five-year prison sentence, and one count of conspiracy to commit wire fraud, with a max sentence of 20 years in prison.

Leave a comment

Your email address will not be published.