Kim Il, 27, is a North Korean who U.S. prosecutors say is a member of APT38, a group of hackers working for the North Korean government. APT stands for “Advanced Persistent Threat.”
APT38 is also known as “Lazarus Group.”
Kim and his colleagues allegedly focus on earning money for North Korea’s sanctioned government through their hacking. They also work to steal intellectual property, block legitimate COVID-19 vaccination development, and punish the enemies of North Korea’s Supreme Leader Kim Jong-un.
Some of APT38’s more notable attacks include the WannaCry malware from 2017, the theft of $81 million from the central bank of Bangladesh in 2016, and the 2014 attack on Sony Pictures.
Cybersecurity firm FireEye called APT38 “unique in that it is not afraid to aggressively destroy evidence or victim networks as part of its operations.” FireEye called the hackers “active and dangerous.”
Prosecutors say Il also ran a scam tied to Marine Chain Token and Initial Coin Offering, which fooled investors into purchasing fractional ownership shares in marine shipping vessels but sent the funds to North Korea. The investments secretly allowed North Korea to evade U.S. sanctions.
Prosecutors also say Kim has been “directly involved in the development and dissemination of a malicious cryptocurrency application.”
Kim faces charges of conspiracy to commit wire fraud, bank fraud, and computer intrusions. As part of APT38, he’s also thought to be an employee of North Korea’s “Reconnaissance General Bureau,” a military intelligence agency.
Kim sometimes calls himself Julien Kim or Tony Walker.
He has also traveled to Russia and Singapore, the FBI said, and speaks English and Mandarin Chinese in addition to Korean.