Face behind hack: US identifies North Korean man behind stolen data from Nasa, military, hospitals; offer $10 million reward

A North Korean military intelligence operative named Rim Jong Hyok was indicted on Thursday by a federal grand jury in Kansas City, Kansas, for allegedly hacking into various American and international entities, including health care providers, Nasa, US military bases, and defense and energy companies in China, Taiwan, and South Korea.
The indictment accuses Hyok of stealing sensitive information and deploying ransomware to generate funds for further cyberattacks. He is also charged with laundering money through a Chinese bank to purchase computer servers and finance additional attacks on defense, technology, and government entities worldwide, according to an Associated Press report.
According to federal prosecutors, Hyok along with other members of the Andariel Unit of North Korea’s Reconnaissance General Bureau targeted 17 entities across 11 US states, including Nasa and US military bases, as well as defense and energy companies in China, Taiwan, and South Korea. The indictment indicates that these hacks on American hospitals and other health care providers disrupted patient treatment. They extracted over 17 gigabytes of unclassified data and also infiltrated the computer systems of defense companies in Michigan and California, as well as Randolph Air Force Base in Texas and Robins Air Force Base in Georgia.
The stolen data, which included information on fighter aircraft, missile defense systems, satellite communications, and radar systems, was reportedly sent to North Korean military intelligence to aid the country’s military and nuclear ambitions. “While North Korea uses these types of cyber crimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have a direct impact on the citizens of Kansas,” said Stephen A. Cyrus, an FBI agent based in Kansas City.
Rim Jong Hyok, who has resided in North Korea and worked at the military intelligence agency’s offices in Pyongyang and Sinuiju, remains at large. Online court records do not list an attorney for him. A reward of up to $10 million is being offered for information leading to him or other foreign government operatives targeting critical US infrastructure.
The Justice Department has prosecuted multiple cases related to North Korean hacking, often highlighting a profit-driven motive that distinguishes these cybercriminals from those in Russia and China. In 2021, for instance, three North Korean computer programmers were charged with various hacks, including a destructive attack on an American movie studio and attempts to steal and extort over $1.3 billion from banks and companies worldwide.
The FBI was alerted about Hyok’s activities by a Kansas medical center hit in May 2021. Hackers had encrypted files and servers, preventing access to patient files, laboratory test results, and computers necessary for hospital operations. A health care provider in Colorado was also affected by the same Maui ransomware variant.
A ransom note sent to the Kansas hospital demanded Bitcoin payments then valued at approximately $100,000 to a designated cryptocurrency address.
“Otherwise all of your files will be posted in the Internet which may lead you to loss of reputation and cause the troubles for your business,” the note read. “Please do not waste your time! You have 48 hours only! After that the Main server will double your price.”
Federal investigators traced blockchains to follow the ransom payment trail. An unnamed co-conspirator transferred the Bitcoin to a virtual currency address belonging to two Hong Kong residents. It was converted into Chinese currency and transferred to a Chinese bank. The money was then accessed from an ATM in China near the Sino-Korean Friendship Bridge connecting China and North Korea, court records reveal.
In 2022, the Justice Department stated that the FBI seized about $500,000 in ransom payments from money laundering accounts. This included the entire ransom payment from the Kansas hospital.
Analysts suggest Hyok’s arrest is unlikely. However, the indictment may lead to sanctions that could hinder North Korea’s ability to collect ransoms. Allan Liska, a cybersecurity analyst at Recorded Future, explained that this might remove the motivation to conduct cyberattacks on entities like hospitals in the future.
“Now, unfortunately, that will force them to do more cryptocurrency theft. So it’s not going to stop their activity. But the hope is that we won’t have hospitals disrupted by ransomware attacks because they’ll know that they can’t get paid,” Liska said.
He also noted that one of the victims was a Chinese entity and questioned how China, an ally of North Korea, would respond to being targeted.
“China can’t be too thrilled about that,” he said.
