A North Korean man has been charged over the NHS cyber attack of 2017
It was announced earlier this week that US prosecutors have charged a North Korean man alleged to have been involved in the creation of the software used to compromise the UK’s National Health Service.
In May of 2017, the NHS fell victim to the WannaCry ransomware attack. This worldwide cyber attack left NHS staff locked out of their computer systems. It was announced this week that a North Korean citizen, Park Jin Hyok, has been charged with the creation of the malicious software used. The US Department of Justice alleged the North Korean cyber group he worked for had caused major damage.
John Demers, Assistant Attorney General for National Security, said:
“The scale and scope of the cyber crimes alleged by the complaint are staggering and offensive to all who respect the rule of law and the cyber norms accepted by responsible nations.”
The Lazarus Group
Mr Park has been linked with the Lazarus Group, the hacking group that is blamed for the hack on Sony Pictures in 2014. He has been charged with one count of conspiracy to commit computer fraud and abuse, and wire fraud.
Mr Demers continued:
“The complaint alleges that the North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations; retaliated against free speech in order to chill it half a world away; and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage.”
Working with the US government
Identifying Mr Park as the hacker for WannaCry 2017 was a difficult task, according to the US government. The attribution of cyber attacks is often very difficult because of the ability of skilled hackers to hide their tracks.
Working alongside the US government, the NHS is now receiving justice for the hacks that it faced during WannaCry last year.
Head of Operations at the National Crime Agency, Steve Rodhouse, said:
“The collaboration between UK and US law enforcement has been strong and effective. These charges show that we will not tire in our efforts to identify those who believe they can hide behind a computer and cause havoc across the world, regardless of their motivation or status.”
Become Cyber Essentials certified
This government-approved certification helps to secure the supply chain as accredited businesses must adopt basic security measures that will help them to protect their business against 80% of cyber attacks.