U.S. Justice Department says Canadian to plead guilty to laundering money stolen by North Korean cyberattackers

A Canadian with joint U.S. citizenship has agreed to plead guilty to American charges of being a money launderer for North Korean hackers.

The U.S. Justice Department issued a statement Wednesday confirming the news. It also separately unveiled a federal indictment against three computer programmers in North Korea’s military intelligence agency for participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, including the 2014 hacking of Sony Pictures Entertainment, the creation of the destructive WannaCry 2.0 ransomware in 2017, and the extortion and attempted extortion of victim companies from 2017 through 2020 involving the theft of sensitive data and deployment of other ransomware.

It’s alleged that more than US$1.3 billion of money and cryptocurrency from financial institutions and companies was stolen or extorted.

The trio is alleged to be part of a North Korean threat group dubbed by security researchers as Lazarus Group and Advanced Persistent Threat 38 (APT38).

The statement said Ghaleb Alaumary, 37, of Mississauga, Ont., has agreed to plead guilty to money laundering for the North Korean conspiracy. Alaumary, it’s alleged, was a “prolific money launderer for hackers engaged in ATM cash-out schemes, cyber-enabled bank heists, business email compromise (BEC) schemes, and other online fraud schemes.”



He is also being prosecuted for his involvement in a separate BEC scheme by the U.S. Attorney’s Office for Georgia’s Southern District.

Allegedly, Alaumary organized teams of co-conspirators in the U.S. and Canada to launder millions of dollars obtained through ATM cash-out operations, including from BankIslami and a bank in India in 2018. Alaumary also allegedly conspired with others to launder funds from a Maltese bank in February 2019 through a North Korean-perpetrated cyber-enabled heist.

Last summer, the U.S. Attorney’s Office in Los Angeles charged a man in a separate case alleging that he conspired to launder hundreds of millions of dollars from BEC frauds and other scams.

The indictment against the three North Koreans expands on the FBI’s 2018 charges relating to several cyber incidents, including:

  • Cyberattacks on the entertainment industry: The destructive cyberattack on Sony Pictures Entertainment in November 2014 in retaliation for “The Interview,” a movie that depicted a fictional assassination of North Korea’s leader; the December 2014 targeting of AMC Theatres, which was scheduled to show the film; and a 2015 intrusion into Mammoth Screen, which was producing a fictional series involving a British nuclear scientist taken prisoner in North Korea.
  • Cyber-enabled heists from banks: Attempts from 2015 through 2019 to steal more than US$1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa by hacking the banks’ computer networks and sending fraudulent Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages.
  • Cyber-enabled ATM cash-out thefts: Thefts through ATM cash-out schemes – referred to by the U.S. government as “FASTCash” – including the October 2018 theft of US$6.1 million from BankIslami Pakistan Limited (BankIslami).
  • Ransomware and cyber-enabled extortion: Creation of the destructive WannaCry 2.0 ransomware in May 2017. The extortion and attempted extortion of victim companies from 2017 through 2020 involving the theft of sensitive data and deployment of other ransomware.
  • Creation and Deployment of Malicious Cryptocurrency Applications: Development of multiple malicious cryptocurrency applications from March 2018 through at least September 2020 – including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale – which would provide the North Korean hackers with a backdoor into the victims’ computers.
  • Targeting of Cryptocurrency Companies and Theft of Cryptocurrency: Targeting of hundreds of cryptocurrency companies and the theft of tens of millions of dollars’ worth of cryptocurrency, including $75 million from a Slovenian cryptocurrency company in December 2017; $24.9 million from an Indonesian cryptocurrency company in September 2018; and $11.8 million from a financial services company in New York in August 2020 in which the hackers used the malicious CryptoNeuro Trader application as a backdoor.
  • Spear-Phishing Campaigns: Multiple spear-phishing campaigns from March 2016 through February 2020 that targeted employees of United States cleared defence contractors, energy companies, aerospace companies, technology companies, the U.S. Department of State, and the U.S. Department of Defense.
  • Marine Chain Token and Initial Coin Offering: Development and marketing in 2017 and 2018 of the Marine Chain Token to enable investors to purchase fractional ownership interests in marine shipping vessels, supported by a blockchain, which would allow the DPRK to obtain funds from investors secretly, control interests in marine shipping vessels, and evade U.S. sanctions.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
