A North Korean national has been charged over his alleged role in a conspiracy involving ransomware attacks on U.S. hospitals and health care providers, as well as the U.S. Army and NASA, according to a July 25 press release from the U.S. Department of Justice (DOJ).
A grand jury in Kansas City, Kansas, returned an indictment earlier in the week, charging Rim Jong Hyok and outlining a scheme in which he and his associates allegedly extorted U.S. health care institutions and laundered the ransom proceeds to fund further cyber intrusions into defense, technology, and government entities worldwide, according to the DOJ.
Mr. Rim and his co-conspirators allegedly worked for North Korea’s Reconnaissance General Bureau, a military intelligence agency, operating under the monikers “Andariel,” “Onyx Sleet,” and “APT45.” They executed ransomware attacks that significantly disrupted the operations of health care providers, preventing them from delivering timely care to patients, according to the DOJ.
Assistant Attorney General Matthew G. Olsen from the DOJ’s national security division said North Korean hackers developed custom tools to target and extort health care providers, using the proceeds to fund hacks into government, technology, and defense agencies worldwide, while laundering money through China.
In one attack against a U.S.-based defense contractor in late 2022, hackers extracted more than 30 gigabytes of data, “including unclassified technical information regarding material used in military aircraft and satellites, much of which was from 2010 or earlier,” according to a State Department press release.
The attacks also targeted U.S. Air Force bases, NASA, and defense contractors, as well as entities in South Korea, Taiwan, and China.
FBI Deputy Director Paul Abbate condemned the actions, saying they placed innocent Americans’ lives at risk.
Deputy Attorney General Lisa Monaco highlighted the seriousness of the charges and the efforts being made to safeguard critical infrastructure.
“Two years ago, the Justice Department disrupted the North Korean group using Maui ransomware to hold hostage U.S. hospitals and health care providers,” she said. “Today’s criminal charges against one of those alleged North Korean operatives demonstrate that we will be relentless against malicious cyber actors targeting our critical infrastructure.”
In addition to the indictment, the DOJ and the FBI announced the seizure of approximately $114,000 in virtual currency proceeds from ransomware attacks and related money laundering transactions.
Private sector partners are also involved in efforts to curb the threat posed by the Andariel group, the DOJ said.
Microsoft has implemented technical measures to block Andariel actors from accessing victim networks, and Mandiant has published research on Andariel’s tactics to aid cybersecurity practitioners, according to the DOJ.