The US Justice Department indicted three North Koreans in December on charges related to cyberattacks to steal over $1.3 billion in crypto and traditional currencies from banks and companies.

The indictment, filed in December and disclosed Wednesday, alleges that the three -- Jon Chang Hyok, 31; Kim Il, 27; and Park Jin Hyok, 36 -- were members of the Reconnaissance General Bureau, a North Korean military intelligence agency that engages in criminal hacking.

Wednesday’s indictment builds on the FBI’s 2018 charges against Park in the hacking of Sony Pictures Entertainment and others in the entertainment industry, allegedly for revenge over a movie about a fictional assassination of the North Korean leader. That was the first time the US had brought charges against an alleged Pyongyang operative.

North Korea’s military hacking units are known by various names in the cybersecurity community, the department said, including Lazarus Group and Advanced Persistent Threat 38.

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said US Assistant Attorney General John Demers of the Justice Department’s national security division.

Wednesday’s indictment alleged that the North Korean hackers developed multiple malicious cryptocurrency applications from March 2018 through at least September 2020, which provided them with backdoors into the victims’ computers, and stole cryptocurrency worth $75 million from a Slovenian cryptocurrency firm in December 2017, $24.9 million from an Indonesian cryptocurrency firm in September 2018 and $11.8 million from a financial services company in New York in August 2020.

The US Justice Department also accused the North Koreans of developing and marketing a Marine Chain Token to obtain funds from investors through an initial coin offering, which would have enabled North Korea to control interests in marine shipping vessels and evade US sanctions.

The latest indictment also added more detail to the 2018 allegations, saying the North Koreans created the WannaCry 2.0 ransomware in 2017 and used it to extort money from victim companies until 2020; attempted to steal over $1.2 billion from banks in cyber-enabled heists; stole money through ATM cash-out schemes; and conducted spear-phishing campaigns in which they sent emails containing malware to employees of US defense contractors, energy companies, aerospace firms and tech firms from March 2016 through February 2020.

The US attorney’s office in Los Angeles and the FBI obtained warrants to seize about $1.9 million in cryptocurrency allegedly stolen by the hackers from a New York bank, and the money will be returned to the bank, according to the Washington Post.

The defendants live in North Korea but traveled to Russia and China and worked there, the indictment alleged.

“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of crimes they have committed is staggering,” said acting US attorney Tracy Wilkison for the Central District of California, who led the investigation with the FBI.

“The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up the regime.”

The latest indictment comes as the Joe Biden administration continues to review its North Korea policy.

By Kim So-hyun (sophie@heraldcorp.com)