Tue | Jul 30, 2024 | 5:12 AM PDT

United States federal prosecutors have indicted Rim Jong Hyok, a North Korean national, for orchestrating a series of ransomware attacks on American healthcare facilities and using the proceeds to fund cyber espionage operations against U.S. military and defense contractors, according to the Department of Justice.

Rim, associated with the notorious Andariel hacking group, is accused of targeting at least five U.S. healthcare providers with ransomware attacks. These attacks not only disrupted medical services but also served as a funding mechanism for more sophisticated espionage operations.

According to the joint cybersecurity advisory released by multiple U.S. agencies and international partners, the Andariel group, also known as Onyx Sleet, is part of North Korea's Reconnaissance General Bureau (RGB) 3rd Bureau. The advisory states that the group "primarily targets defense, aerospace, nuclear, and engineering entities to obtain sensitive and classified technical information and intellectual property to advance the regime's military and nuclear programs and ambitions."

The U.S. Department of State's Rewards for Justice program has offered a reward of up to $10 million for information leading to Rim's identification or location. The program's announcement provides disturbing details about the scope of the cyberattacks:

"U.S. law enforcement investigators have documented that Andariel actors victimized five healthcare providers, four U.S.-based defense contractors, two U.S. Air Force bases, and the National Aeronautics and Space Administration's Office of Inspector General."

One particularly alarming incident occurred in November 2022, when "the malicious cyber actors hacked a U.S.-based defense contractor from which they extracted more than 30 gigabytes of data, including unclassified technical information regarding material used in military aircraft and satellites."

The joint cybersecurity advisory details the sophisticated methods employed by the group, including "widespread exploitation of web servers through known vulnerabilities in software, such as Log4j, to deploy a web shell and gain access to sensitive information and applications for further exploitation."

This indictment underscores the evolving nature of cyber threats, where criminal activities like ransomware attacks are used to bankroll state-sponsored espionage. It also highlights the urgent need for robust cybersecurity measures across all sectors, particularly in critical infrastructure and national defense.

The U.S. government's response—including the indictment, the joint advisory, and the reward offer—demonstrates a multi-faceted approach to combating these threats. As stated in the Rewards for Justice announcement, these actions are part of "continued efforts to address the DPRK's [North Korea's] malicious cyber activity against critical infrastructure as well as prevent and disrupt the DPRK's ability to generate illicit revenue through malicious cyber activity."

Follow SecureWorld News for more stories related to cybersecurity.
