Last month, we warned of the dangers that the FBI’s most wanted cybercriminals pose. Among these criminals are the perpetrator of the cyberattacks against HBO and the developer of the Zeus malware. And there is now a new name at the top of the list.

That name is Park Jin Hyok, who has officially been charged by the US Department of Justice with carrying out the WannaCry attacks, among other cybercrimes.

According to the investigators, Park works for a company called Korean Expo Joint Venture, a front for the North Korean government that, alongside its illegal activities, also carries out legitimate software development and IT support work. Apart from working at this company, Park allegedly belongs to the hacking group known, among other names, as Lazarus Group, a group that has carried out numerous cyberattacks against South Korea.

One of the clues that helped track down Park was his use of free email services such as Gmail, which he used both for legitimate business at his company and to carry out phishing attacks and other crimes.

As well as the criminal charges, the Treasury Department has announced that it will impose sanctions against Park and against the company. In a statement, it said, “North Korea has demonstrated a pattern of disruptive and harmful cyber activity that is inconsistent with the growing consensus on what constitutes responsible state behavior in cyberspace.”

While it is unlikely that Park will ever be handed over to the US authorities, the charges are, according to Martyn Williams, a journalist specializing in North Korean affairs, a symbolic step by the American government: an official accusation against the North Korean government is a rare move.

A long criminal record

The most notorious cybercrime of which Park is accused is WannaCry, the 2017 global ransomware attack that affected computers in over 150 countries, and had an estimated cost of up to $4 billion worldwide.

Another accusation is that he was behind the 2014 hack of Sony Pictures. This attack was carried out using a piece of malware called Destover. During the incident, 100 terabytes of information were leaked, including personal emails, films, salary information, and scripts for upcoming films.

Suspicion for this attack already fell on North Korea at the time, due in part to the fact that one of the attackers’ demands was the withdrawal of the film ‘The Interview’, in which two journalists attempt to assassinate the North Korean leader, Kim Jong Un.

Along with these cyberattacks, he is also accused of being involved in the 2016 robbery of the Bangladesh Central Bank. Using sophisticated malware to gain visibility into the bank’s IT systems, the attackers were able to observe how its operations worked. With this information, they carried out fraudulent transactions worth $850 million. According to the FBI report, the malware may have been delivered onto the system using a variant of the BEC (business email compromise) scam [p. 58 of the report].

Although the bank was able to recover a large part of the money (its total loss is estimated at around $81 million), it was still one of the largest thefts of this kind in history.

How to keep your company safe from the most wanted cybercriminals

One of the main reasons to deploy a cybersecurity solution in your company is to gain time: having the right tools to react immediately to a cyberattack can make the difference between being a victim and staying safe.

One way to do so is to have a cybersecurity suite that actively hunts for threats. This way, the company can stay ahead of cybercriminals and react before an attack takes place. This is exactly what Panda Adaptive Defense 360’s Threat Hunting service does.

This managed service from Panda provides visibility of all activity on the corporate network, so that you know exactly what is happening at all times. Adaptive Defense 360 classifies 99.98% of processes via machine learning, and the remaining 0.02% are classified by Panda’s expert cybersecurity analysts. Advanced technologies like this allowed Panda to protect all clients with Adaptive Defense installed in Lock mode from WannaCry. It is an advanced cybersecurity solution that is still protecting the endpoints of companies all over the world.