The United States has charged a North Korean military intelligence officer with conducting cyberattacks against US military bases, defense contractors, and hospitals.
What’s the deal: In an announcement, the Justice Department revealed that Rim Jong Hyok, a North Korean hacker affiliated with the Andariel unit, has been charged with launching cyberattacks against US hospitals and healthcare providers using “Maui ransomware,” which caused significant disruptions to patient care. Rim is also accused of hacking US Air Force bases, NASA, and defense contractors in South Korea, Taiwan, and China. These breaches led to the theft of terabytes of sensitive military and technical data.

How he moved the money: Rim Jong Hyok laundered the ransom payments from the ransomware attacks through facilitators based in China. He converted the cryptocurrency ransoms into Chinese yuan, which were then accessed in China, close to the North Korean border. The laundered funds were used to lease virtual private servers and acquire additional infrastructure for further cyber intrusions, targeting organizations such as US defense contractors and NASA. The US government seized approximately $114,000 in cryptocurrency that was part of the ransomware proceeds linked to the attacks conducted by Rim Jong Hyok and the Andariel Unit.
More on the Andariel Unit: The Andariel Unit is a subgroup of North Korea’s Reconnaissance General Bureau (RGB), the nation’s primary intelligence agency. Known for its cyber espionage and cybercrime activities, the Andariel Unit focuses on financially motivated attacks and intelligence gathering. It has been involved in various high-profile cyber operations, including ransomware attacks, data theft, and hacking into critical infrastructure like healthcare providers, military bases, and defense contractors.

Not in custody: Despite the Justice Department’s announcement, Rim Jong Hyok is not in custody. The US government has offered a reward of up to $10 million for information leading to his arrest.
Statement from US Government: In a press release, Assistant Attorney General Matthew G. Olsen said, “North Korean hackers developed custom tools to target and extort US health care providers and used their ill-gotten gains to fund a spree of hacks into government, technology, and defense entities worldwide, all while laundering money through China. The indictment, seizures, and other actions announced today demonstrate the Department’s resolve to hold these malicious actors accountable, impose costs on the North Korean cyber program, and help innocent network owners recover their losses and defend themselves.”
FBI Deputy Director Paul Abbate added, “Rim Jong Hyok and his co-conspirators deployed ransomware to extort US hospitals and health care companies, then laundered the proceeds to help fund North Korea’s illicit activities. These unacceptable and unlawful actions placed innocent lives at risk. The FBI and our partners will leverage every tool available to neutralize criminal actors and protect American citizens.”