{{notability|1=Biographies|date=August 2025}} {{Short description|North Korean military intelligence officer}}{{Family name hatnote|Jon|lang=Korean}}

'''Jon Chang Hyok''' ({{Korean|hangul=전창혁}};<ref>{{Cite web |date=2021-02-18 |title=미국이 북한인 3명을 1.4조원 규모 절도 혐의로 기소했다 |url=https://www.bbc.com/korean/international-56108046 |access-date=2025-05-10 |website=BBC News 코리아 |language=ko}}</ref> born 1989) is a North Korean military intelligence officer and alleged cyber operative affiliated with the Reconnaissance General Bureau (RGB), the country's primary intelligence agency. He is one of three North Korean nationals charged by the United States in 2021 for orchestrating a series of state-sponsored cyberattacks across the globe.<ref name="fbi">{{Cite web |title=JON CHANG HYOK |url=https://www.fbi.gov/wanted/cyber/jon-chang-hyok |access-date=2025-05-09 |website=Federal Bureau of Investigation |language=en-us}}</ref>

== Biography == According to the U.S. Department of Justice, Jon Chang Hyok was born in North Korea and is believed to be a member of the country’s military intelligence apparatus. He reportedly traveled to China at times.<ref name="fbi"></ref>

Jon Chang Hyok is believed to be an officer in the Reconnaissance General Bureau (RGB), the agency responsible for North Korea’s cyber-espionage and cyber-sabotage campaigns. He has been identified as a member of Lazarus Group, a cybercrime unit widely attributed to the North Korean state.<ref>{{Cite web |title=US charges three North Koreans for major hacks and cyber-thefts |url=https://www.aljazeera.com/news/2021/2/17/us-charges-three-north-koreans-for-major-hacks-and-cyber-thefts |access-date=2025-05-09 |website=Al Jazeera |language=en}}</ref><ref>{{Cite news |last=AFP |date=2021-02-17 |title=US charges three North Korean hackers over $1.3bn cryptocurrency attacks |url=https://www.theguardian.com/technology/2021/feb/17/north-korea-hack-cryptocurrency-us-charges |access-date=2025-05-09 |work=The Guardian |language=en-GB |issn=0261-3077}}</ref>

In February 2021, a U.S. federal indictment accused Jon and two co-conspirators, Park Jin Hyok and Kim Il, of engaging in a cybercrime campaign intended to steal and extort over $1.3 billion in cash and cryptocurrency from institutions in the United States and around the world.<ref>{{Cite journal |last1=Makar |first1=A. B. |last2=McMartin |first2=K. E. |last3=Palese |first3=M. |last4=Tephly |date= 1975|title=Formate assay in body fluids: application in methanol poisoning |journal=Biochemical Medicine |volume=13 |issue=2 |pages=117–126 |doi=10.1016/0006-2944(75)90147-7 |issn=0006-2944 |pmid=1}}</ref><ref>{{Cite news |date=2021-02-17 |title=US charges three North Koreans over $1.3bn theft |url=https://www.bbc.com/news/technology-56103921 |access-date=2025-05-09 |language=en-GB}}</ref><ref>{{Cite news |last=Nakashima |first=Ellen |date=2021-02-17 |title=U.S. accuses three North Koreans of conspiring to steal more than $1.3 billion in cash and cryptocurrency |url=https://www.washingtonpost.com/national-security/north-korea-hackers-banks-theft/2021/02/17/3dccf0dc-7129-11eb-93be-c10813e358a2_story.html |access-date=2025-05-09 |newspaper=The Washington Post |language=en-US |issn=0190-8286}}</ref>

== Notable operations == '''Sony Pictures hack (2014)''' {{Main|2014 Sony Pictures hack}} Jon is believed to have been involved in the 2014 hack of Sony Pictures Entertainment, an attack attributed to North Korea in retaliation for the film ''The Interview'', a comedy depicting a fictional assassination of Kim Jong Un. The attack resulted in the leaking of confidential data, unreleased films, and internal emails, and caused significant damage to Sony’s operations.<ref>{{Cite journal |last1=Anderson |first1=T. R. |last2=Slotkin |first2=T. A. |date=1975-08-15 |title=Maturation of the adrenal medulla--IV. Effects of morphine |journal=Biochemical Pharmacology |volume=24 |issue=16 |pages=1469–1474 |doi=10.1016/0006-2952(75)90020-9 |issn=1873-2968 |pmid=7}}</ref>

'''WannaCry ransomware (2017)''' {{Main|WannaCry ransomware attack}} The indictment also links him to the WannaCry 2.0 ransomware attack that infected hundreds of thousands of computers across 150 countries. The malware encrypted victims’ data and demanded payment in Bitcoin for decryption. The attack notably impacted the UK's National Health Service (NHS), among other entities.<ref>{{Cite web |title=U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency Heist |url=https://thehackernews.com/2021/02/us-charges-3-north-korean-hackers-over.html |access-date=2025-05-09 |website=The Hacker News |language=en}}</ref>

'''Bank and cryptocurrency heists''' {{Main|Bangladesh Bank robbery}} The hackers attempted to steal over $1 billion from banks via the SWIFT system, including the 2016 Bangladesh Bank hack, where $81 million was successfully stolen. They also targeted cryptocurrency exchanges and financial technology companies, stealing hundreds of millions in digital currency.<ref>{{Cite news |last=Benner |first=Katie |date=2021-02-17 |title=U.S. Charges 3 North Koreans With Hacking and Stealing Millions of Dollars |url=https://www.nytimes.com/2021/02/17/us/politics/north-korea-hacking-charges.html |access-date=2025-05-09 |work=The New York Times |language=en-US |issn=0362-4331}}</ref>

== Legal status == As of 2025, Jon Chang Hyok remains at large. He has been designated a fugitive by the U.S. Department of Justice and is featured on the FBI’s Cyber Most Wanted list. The indictment against him was unsealed in the U.S. District Court in Los Angeles.<ref name="fbi"></ref><ref>{{Cite journal |last1=Chow |first1=Y. W. |last2=Pietranico |first2=R. |last3=Mukerji |first3=A. |date=1975-10-27 |title=Studies of oxygen binding energy to hemoglobin molecule |journal=Biochemical and Biophysical Research Communications |volume=66 |issue=4 |pages=1424–1431 |doi=10.1016/0006-291x(75)90518-5 |issn=0006-291X |pmid=6 |bibcode=1975BBRC...66.1424C }}</ref>

== References == {{reflist}}

{{Authority control}} Category:Fugitives wanted by the United States Category:Cybercriminals