WASHINGTON — A North Korean spy was charged in the hacking of Sony Pictures Entertainment in 2014, the Justice Department announced on Thursday, accusing the North of orchestrating a broad conspiracy that caused hundreds of millions of dollars’ worth of economic damage over the past five years in the United States and around the world.
The suspect, Park Jin-hyok, was charged with computer fraud and wire fraud. He was part of attacks on film companies and distributors, including Sony Pictures, financial institutions and defense contractors, law enforcement officials said. He was also accused of being part of the development of the WannaCry 2.0 ransomware attack that infected hundreds of thousands of computers worldwide and crippled the British health care system last year.
Mr. Park appeared to work for North Korea’s Reconnaissance General Bureau, the country’s closest equivalent to the C.I.A., according to American intelligence officials. The same intelligence agency is believed to be behind the WannaCry attack and thefts from the Bangladeshi central bank that reaped tens of millions of dollars for the North.
“The North Korean government, through a state-sponsored group, robbed a central bank and citizens of other nations, retaliated against free speech in order to chill it half a world away, and created disruptive malware that indiscriminately affected victims in more than 150 other countries, causing hundreds of millions, if not billions, of dollars’ worth of damage,” said John C. Demers, the head of the Justice Department’s National Security Division, in a statement.
“These charges will send a message that we will track down malicious actors no matter how or where they hide,” he added.
[Read the criminal complaint here.]
Mr. Park, who also went by the alias Pak Jin Hek, is unlikely to ever see the inside of an American courtroom. The United States has no direct, formal relations with North Korea and did not communicate with its reclusive government ahead of the charges.
Hours before the Justice Department was set to act, President Trump seemed to praise the North Korean leader Kim Jong-un, saying on Twitter that he “proclaims ‘unwavering faith in President Trump.’ Thank you to Chairman Kim. We will get it done together.”
It was unclear whether Mr. Trump knew about the forthcoming charges. Asked whether the White House was briefed on the complaint before it was released, a Justice Department official would only say that it was standard practice to brief relevant parts of the executive branch.
Also Thursday, the Treasury Department announced that it had added Mr. Park’s name to its sanctions list, which means that no bank or other financial institution that does business in the United States can also do business with or provide accounts to Mr. Park or Chosun Expo Joint Venture, also known as K.E.J.V.
“We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions,” said Treasury Secretary Steven Mnuchin.
The sanctions are unlikely to have much effect on Mr. Park and are a less powerful tool than criminal charges in ensuring that Mr. Park cannot travel far outside of North Korea.
In its 179-page complaint, the government mapped out a yearslong, complex scheme to undermine institutions around the world and steal millions of dollars.
The attack on Sony Pictures alone wiped out 70 percent of the studio’s computer capability, erasing all the data on about half of the company’s personal computers and more than half of its servers, and was done in retaliation for the company’s production of a comedic film, “The Interview,” that mocked Mr. Kim and depicted a plot to assassinate him.
The November 2014 hack shocked Sony Pictures’ 7,000 employees, who were greeted with macabre images of the studio chief Michael Lynton’s severed head when they turned on their computers. Sony shut down all of its computer systems, including those in overseas offices, leaving the company without voice mail, email or production systems, essentially crippling operations.
The crime underscored how vulnerable the United States had become to cyber criminals and how malicious actors living far away could cripple American corporations. Hackers from China, Russia and elsewhere would soon infiltrate other high-profile targets including the Office of Personnel Management, the White House email system and the I.R.S.
Early communications from the hackers did not mention “The Interview,” and the notion of North Korean involvement was little more than a paranoid whisper at Sony. But that fear was confirmed soon after when the F.B.I. pinned the crime on North Korea and the White House imposed sanctions on the country.
The attack tarnished the studio’s reputation when the hackers dumped vast amounts of stolen Sony files onto anonymous posting sites — emails, contracts, salary lists, film budgets, medical records, digital copies of five entire movies.
The files seemed to fulfill every Hollywood gossip’s fantasy of what is said behind studio walls. Amy Pascal, then the studio’s top film executive, was caught swapping racially insensitive jokes about President Barack Obama’s presumed taste in African-American films. A top Sony producer, Scott Rudin, was discovered harshly criticizing Angelina Jolie.
By mid-December, the hackers had identified “The Interview” as the source of their anger. “Soon all the world will see what an awful movie Sony Pictures Entertainment has made,” one message said. “The world will be full of fear. Remember the 11th of September 2001.”
By the time the episode was over, the studio became entangled in a censorship fracas, with free-speech advocates and even President Obama criticizing Sony for temporarily shelving “The Interview” as theater chains balked at showing it.
Hollywood stood largely silent, allowing Sony and Ms. Pascal to twist in the wind. By February, Ms. Pascal had lost her job, transitioning to a lucrative producing arrangement with Sony.