Jon Chang Hyok


Jon Chang Hyok is a North Korean military intelligence officer and alleged cyber operative affiliated with the Reconnaissance General Bureau, the country's primary intelligence agency. He is one of three North Korean nationals charged by the United States in 2021 for orchestrating a series of state-sponsored cyberattacks across the globe.

Biography

According to the U.S. Department of Justice, Jon Chang Hyok was born in North Korea and is believed to be a member of the country’s military intelligence apparatus. He reportedly traveled to China at times.
Jon Chang Hyok is believed to be an officer in the Reconnaissance General Bureau, the agency responsible for North Korea’s cyber-espionage and cyber-sabotage campaigns. He has been identified as a member of Lazarus Group, a cybercrime unit widely attributed to the North Korean state.
In February 2021, a U.S. federal indictment accused Jon and two co-conspirators, Park Jin Hyok and Kim Il, of engaging in a cybercrime campaign intended to steal and extort over $1.3 billion in cash and cryptocurrency from institutions in the United States and around the world.

Notable operations

Sony Pictures hack
Jon is believed to have been involved in the 2014 hack of Sony Pictures Entertainment, an attack attributed to North Korea in retaliation for the film The Interview, a comedy depicting a fictional assassination of Kim Jong Un. The attack resulted in the leaking of confidential data, unreleased films, and internal emails, and caused significant damage to Sony’s operations.
WannaCry ransomware
The indictment also links him to the WannaCry 2.0 ransomware attack that infected hundreds of thousands of computers across 150 countries. The malware encrypted victims’ data and demanded payment in Bitcoin for decryption. The attack notably impacted the UK's National Health Service, among other entities.
Bank and cryptocurrency heists
The hackers attempted to steal over $1 billion from banks via the SWIFT system, including the 2016 Bangladesh Bank hack, where $81 million was successfully stolen. They also targeted cryptocurrency exchanges and financial technology companies, stealing hundreds of millions in digital currency.

Legal status

As of 2025, Jon Chang Hyok remains at large. He has been designated a fugitive by the U.S. Department of Justice and is featured on the FBI’s Cyber Most Wanted list. The indictment against him was unsealed in the U.S. District Court in Los Angeles.