Menu
Browse

Cyber Threat Actor: Park Jin Hyok

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Nation State
North Korea
1 incident
Profile

The threatactor is known by the aliases Park Jin Hyok and Pak Jin Hek. Publicly available information places the actor’s base of operations in North Korea. The individual is publicly linked to the Lazarus Group, a cyber operation attributed to the North Korean state. Activities are conducted through the front company Chosun Expo, which serves as a cover for the group’s cyber work.

Targeting has included the entertainment sector, exemplified by the intrusion against Sony Pictures Entertainment. Financial institutions have been a focus, notably the $81 million theft from the Bangladesh Bank. Defense contractors and critical infrastructure entities have also been observed as victims in broader campaigns. The actor’s strategic objectives combine financial gain, espionage through data exfiltration, and disruption by rendering compromised systems inoperable.

Initial access is frequently achieved via spear‑phishing emails that deliver malicious payloads. The malware toolkit includes ransomware such as WannaCry, which the group is credited with developing. Overlapping infrastructure, reused aliases, and malware variants sharing technical signatures link disparate operations. This consistent use of spear‑phishing and ransomware reflects a recognizable pattern in the actor’s TTPs.

The Sony Pictures incident in November 2014 involved spear‑phishing, data theft, and system destruction. The Bangladesh Bank heist demonstrated the actor’s capability to conduct large‑scale financial fraud. The development and deployment of WannaCry ransomware illustrated a shift toward global disruptive campaigns. Additional reporting ties the actor to intrusions against defense firms and critical infrastructure, using the same code and infrastructure patterns.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources