Park is not the only person accused in these attacks, but he is the only person named in the criminal complaint. DOJ officials said that Park didn't act alone and that the investigation is still ongoing.
Park was working on behalf of the North Korean government, the investigators said.
"This is one of the most complex and longest cyber investigations that the department has conducted," John Demers, assistant attorney general for national security, said Thursday.
Watch this: US officials charge North Korean over major hacks like WannaCry and Sony
The charges are the first US case against a North Korean, as the nation continues to build up its cyberattack capabilities. Over the years, North Korea has created a powerful hacker army called the Lazarus Group.
Dmitri Alperovitch, co-founder of cybersecurity company Crowdstrike, called North Korea one of the "most aggressive nation-state actors in cyberspace."
The US is often a major target of nation-state hackers, and the Justice Department has also investigated and charged alleged hackers from Russia, China and Iran.
According to the criminal complaint against Park, he was working in Dalian, China, for a front company called Korea Expo Joint Ventures, which was controlled by North Korea and designed to make money for the nation's hacking organization.
Shortly before the hack against Sony, Park returned to North Korea and began launching attacks against the company, according to the complaint. Using a network of alias and email addresses, Park flooded inboxes at Sony Pictures, AMC Theaters and Mammoth Screen in an attempt to intrude on their networks.
According to the Justice Department, he used those same email addresses to pull off the $81 million heist from Bangladesh Bank. He also used those aliases to attack Lockheed Martin, a military contractor that works with both the US and South Korean governments.
Watch this: DHS secretary says US must fight back on hacking attacks
Justice officials also found that Park allegedly used the same malware for attacks on both the Bangladesh Bank and Sony.
"This group's actions are particularly egregious as they targeted public and private industries worldwide – stealing millions of dollars, threatening to suppress free speech, and crippling hospital systems," FBI director Christopher Wray said in a statement.
Along with other North Korean hackers, Park allegedly helped create the WannaCry ransomware, as well as two more versions of it that continued to spread, according to documents. Investigators found evidence in email exchanges linking the ransomware to Park and other North Korean hackers.
All three versions of WannaCry have similar coding, indicating that they had the same creator, according to the criminal complaint.
While it's highly unlikely that a North Korean would be extradited to the US, the Justice Department has used its "Name and Shame" strategy for multiple nation-state hackers.
"Their attacks have costed organizations all over the world tens of millions of dollars in damage," Alperovitch said. "One of the most important steps taken towards achieving effective cyber deterrence is the attribution of these attacks and holding the perpetrators accountable, as we witnessed today by the announcement of the US Department of Justice."
If found guilty, Park would face up to 25 years in prison. For Rep. Adam Schiff, a Democrat from California, the significance isn't about prosecuting and convicting Park. By calling out North Korea and Park with the indictment, US officials are holding nation-state hackers accountable for its attacks, Schiff said in an interview.
"It's less about the prospect that we're really going to get them to show up in court and face the music. It's more about letting these countries know that we have very good capabilities to ferret out who's doing what against us," he said.
The Treasury Department has launched a series of sanctions against Park and against the Korea Expo Joint Venture, the company he claimed to work for.
"We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions," Treasury Secretary Steven Mnuchin said.
Sen. Mark Warner, a Democrat from Virginia, said that Thursday's indictment is an "important step in making clear to our adversaries that these kinds of criminal activities are unacceptable."
Steve Rodhouse, director general of the UK's National Crime Agency, said the WannaCry attack "highlighted that cybercrime affects not just the country's prosperity and security, but also affects our everyday way of life." CNET's Ian Sherr contributed reporting to this story.
First published Sept. 6, 8:14 a.m. PT. Updated at 10 a.m. PT: To include details from the Justice Department's indictment, at 10:11 a.m. PT: with details from the Treasury Department, at 10:20 a.m. PT: with remarks from the FBI, at 1:08 p.m. PT: with comments from Rep. Schiff.
Gotcha: How Microsoft spotted another Russian hacking attempt
You, too: US targets 10 Iranians over university cyberattacks, HBO hack