Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Ransomware

US Indicts Alleged North Korean Ransomware Attacker

United States Charges North Korean Hacker for Attacks on Hospitals and Healthcare
US Indicts Alleged North Korean Ransomware Attacker
Rim Jong Hyok has been charged with conspiracy to commit computer hacking and money laundering. (Image: FBI)

The United States is offering a $10 million reward for information leading to the arrest of suspected North Korean hacker Rim Jong Hyok after authorities indicted him for involvement in the regime's Andariel hacking group.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

Hyok was added to the FBI's Ten Most Wanted Fugitives list and charged with conspiracy to commit computer hacking and money laundering. He is wanted for conspiring to use the Maui ransomware software "to conduct computer intrusions against U.S. hospitals and healthcare companies," as well as government agencies and technology organizations in the U.S., South Korea and China.

Senior FBI and Justice Department officials told reporters Thursday the indictment highlights how North Korean hackers use ransomware and other cyberespionage campaigns to advance their nuclear, military and currency-building operations. Hyok is accused of taking part in an attempted cyberattack targeting a Kansas hospital in May 2021. The hospital, which has not been identified, paid an estimated $100,000 to retrieve its data from the hackers after they successfully gained access to its encrypted files and servers. Officials said they have since recovered - and plan to return - those funds.

The hacking group exfiltrated sensitive defense and technology information from entities across the globe, including two U.S. Air Force bases, NASA and entities located in Taiwan, South Korea, and China, the indictment alleges.*

Stephen Cyrus, special agent in charge of the FBI Kansas City field office, said North Korea "uses these types of cybercrimes to circumvent international sanctions and fund its political and military ambitions."

"These actions keep our families from getting the health care they need, slowing the response of our first responders," Cyrus said in a statement. "Today’s charges prove these cyber actors cannot act with impunity."

The indictment says Hyok and the Andariel hacking group used unique ransomware developed by North Korea's primary military intelligence agency to extort U.S. hospitals and in turn fund the regime's cyberespionage efforts into government agencies, military bases and companies throughout the defense industrial base, including those focused on developing missile, aerospace and uranium processing technologies.

The Cybersecurity and Infrastructure Security Agency issued an advisory on Thursday saying that the U.S. cyber defense agency and domestic and international partners "believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide."

The indictment comes a day after the cybersecurity firm Mandiant published a report revealing how the North Korean hacking group has expanded its cyber operations to target global healthcare, energy and financial sectors (see: Mandiant: North Korean Hackers Targeting Healthcare, Energy).

North Korean hackers "have demonstrated they're willing and agile enough to target any entity to achieve their objectives, including hospitals," said Michael Barnhart, Mandiant's principal analyst.

North Korea is one of the few governments that engages in profit-driven hacking, which supports the regime's weapons of mass destruction projects and supplies Pyongyang with hard currency. U.S. Treasury sanctions have targeted North Korean hackers such as Andariel, believed to be operated by the DPRK Reconnaissance General Bureau (see: Researchers: North Korean Hackers Gain Speed, Flexibility).

The United Kingdom's National Cyber Security Center on Thursday issued an advisory about Andariel, warning that the hacking group has launched ransomware attacks "against U.S. healthcare organizations in order to extort payments and fund further espionage activity."

*Updated July 25, 2024 20:58 UTC: Provides further detail from the U.S. indictment against Rim Jong Hyok .


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.