On the Monday morning before the Thanksgiving holiday in 2014, employees at the Culver City headquarters of Sony Pictures Entertainment found their computer screens taken over by an image of a red skeleton, and a message: “We’ve already warned you, and this is just a beginning.” It was the start of a months-long nightmare in which hackers, calling themselves “Guardians of Peace,” made public the personal emails, salaries, and even medical records of Sony’s workers. For years, the cybersecurity community has pinned the attack on North Korea. Thursday, the Justice Department made it official, issuing a sweeping complaint against a single Hermit Kingdom hacker for not just the Sony breach, but for 2017's devastating WannaCry ransomware strain, a brazen heist of $81 million from Bangladesh Bank in 2016, and more.

The complaint alleges that one programmer, Park Jin Hyok, was a sort of Zelig of North Korean hacking, having a hand in numerous offensive cyberoperations dating back to at least 2014. And while it highlights Sony, WannaCry, and the Bangladesh bank theft, it makes clear that the hacker’s activity extended far beyond those blockbuster incidents—and that it continues today.

“The scope and damage of the computer intrusions perpetrated and caused by the subjects of this investigation, including Park, is virtually unparalleled,” reads the complaint.

While the complaint singles out Park, prosecutors were also very clear that he did not act alone, an unsurprising fact given the magnitude of the operations. The DoJ says that Park worked for a company called Chosun Expo Joint Venture (CEJV), an alleged front for the North Korean government. He spent two years working for CEJV in China, apparently fielding legitimate jobs for paying clients, but had returned to North Korea by the time of the Sony hack.

“Park is the only individual charged in the criminal complaint, but the complaint makes very clear that he worked with other conspirators to effect all of these actions,” said a senior official in the Justice Department, speaking on background. Officials noted also that the investigation is ongoing.

As for why only Park was named in the complaint, the nature of cybersecurity investigations makes it challenging to build enough evidence to attribute attacks to a given group or country, much less an individual. Consider that US officials had already publicly condemned North Korea for most of the incidents the charges outline; getting from there to a specific name, backed by dozens of pages of evidence, takes time. Given that, it's likely that Park was merely the only conspirator the government has been able to get enough evidence on to name so far.

“When you find this type of information, oftentimes it’s via a mistake by the operator,” says Ben Read, senior manager of cyberespionage analysis at security firm FireEye. “Being able to tie it back to an individual can be very difficult, depending on how fastidious the operators are.”


Park apparently wasn’t quite fastidious enough. Investigators say they found multiple connections between an email account of Park’s and that of an alias, “Kim Hyon Woo.” The Kim email address “was used to subscribe or was accessed by the same computer as at least three other email or social media accounts that were each used to target multiple victims, including SPE and Bangladesh Bank,” according to the complaint.
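The kind of pivot the complaint describes, from a personal account to an alias and from the alias to operational accounts, rests on shared access artifacts: two accounts observed from the same machine, IP address or device fingerprint are treated as linked, and the link is followed transitively. The script below is an added illustration of that correlation, not material from the complaint or from any investigator's tooling; the account names, the "host" fingerprints and the access records are constructed, and the graph walk is a generic technique, not a description of how the FBI built its case.

```python
from collections import defaultdict

# Constructed access records (illustrative, not from the complaint).
# Each entry is (account, fingerprint), where the fingerprint stands in for
# whatever "same computer" evidence an investigator has: a source IP, a
# browser or device fingerprint, a persistent cookie, a registration phone.
ACCESS_LOG = [
    ("park-personal@example",       "host-A"),
    ("kim-hyon-woo-alias@example",  "host-A"),
    ("kim-hyon-woo-alias@example",  "host-B"),
    ("recruiter-persona@example",   "host-B"),
    ("spe-phish-sender@example",    "host-B"),
    ("bb-phish-sender@example",     "host-C"),
    ("recruiter-persona@example",   "host-C"),
    ("unrelated-user@example",      "host-Z"),
]


def index_records(records):
    """Build both directions of the bipartite account/fingerprint graph."""
    accounts_by_fp = defaultdict(set)
    fps_by_account = defaultdict(set)
    for account, fp in records:
        accounts_by_fp[fp].add(account)
        fps_by_account[account].add(fp)
    return accounts_by_fp, fps_by_account


def shared_fingerprints(records, a, b):
    """Direct evidence: fingerprints from which both accounts were seen."""
    _, fps_by_account = index_records(records)
    return fps_by_account[a] & fps_by_account[b]


def linked_accounts(records, seed):
    """Transitive pivot from `seed`.

    Returns (accounts, evidence): every account reachable through shared
    fingerprints, plus the chain of (from_account, fingerprint, to_account)
    hops that justifies each link, so the result can be audited hop by hop.
    """
    accounts_by_fp, fps_by_account = index_records(records)
    seen = {seed}
    frontier = [seed]
    evidence = []
    while frontier:
        acct = frontier.pop()
        for fp in sorted(fps_by_account[acct]):
            for other in sorted(accounts_by_fp[fp]):
                if other not in seen:
                    seen.add(other)
                    evidence.append((acct, fp, other))
                    frontier.append(other)
    return seen, evidence


if __name__ == "__main__":
    accounts, chain = linked_accounts(ACCESS_LOG, "park-personal@example")
    for src, fp, dst in chain:
        print(f"{src} --[{fp}]--> {dst}")
    print("linked:", sorted(accounts))
```

Each hop in the returned chain is a single piece of shared-infrastructure evidence, which is exactly where such links are weakest: a NAT address, a shared office machine or a VPN exit node will link unrelated accounts just as readily, so a practitioner treats each hop as a lead to corroborate with content, timing and registration data rather than as attribution on its own.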

The charges also provide more technical detail on North Korea’s various hacking efforts, many of which started with the by-now all-too-familiar spear-phishing campaign. But they also demonstrate the impressive breadth of digital tools at North Korea’s disposal, something long appreciated among cybersecurity researchers, but seldom laid so bare.

“What the wide variety of malware tells you about this is that they’re making a significant investment in this. It takes people, it takes time, it takes money to create these custom tools,” says Read. “They have the resources to develop this stuff custom. That doesn’t necessarily make them unique, but it puts them in the top tier of nation states.”