The US Department of Justice (DoJ) and the FBI yesterday (17th February) brought criminal charges against three North Korean cyber actors, thought to be part of the Lazarus Group.

The indictment alleges that the individuals were involved in malicious activity including the targeting of the entertainment industry, ATM cash-out attacks, the creation of ransomware and spearphishing campaigns.

NCSC Director for Operations, Paul Chichester said:

“We fully support the criminal charges against members of the Lazarus Group announced by our partners in the FBI and US Department of Justice.

“Working with our allies we are committed to countering malicious activity by state and non-state actors and will defend ourselves from disruptive behaviour in cyber space.”

Further information

• Read the DoJ and FBI announcement
• The UK has previously attributed the WannaCry ransomware incident to the Lazarus Group in December 2017, in parallel with the US, Australian, Canada, New Zealand, Japan and supported by Denmark. This ransomware incident impacted 300,000 computers in 150 countries, including 48 NHS trusts.
• The UK previously identified organisation Chosun Expo (linked to the Lazarus Group), for facilitating and supporting the WannaCry attack, and has sanctioned them under the UK autonomous cyber sanctions regime: https://www.gov.uk/government/news/foreign-secretary-welcomes-first-eu-sanctions-against-malicious-cyber-actors