North Korean Cyber Operative Indicted for Ransomware Attacks
The U.S. Department of Justice has indicted North Korean military intelligence operative Rim Jong Hyok for allegedly conducting ransomware attacks on healthcare facilities in the U.S. and laundering the proceeds to fund additional cyber intrusions targeting global defense and technology entities.
The FBI’s Paul Abbate stated these actions endangered innocent lives. The U.S. State Department is offering a reward of up to $10 million for information leading to Hyok’s whereabouts. He is linked to the hacking group Andariel and is associated with the ransomware strain Maui, which first appeared in 2022.
Recent attacks included stealing over 30 gigabytes of sensitive data from a U.S. defense contractor. The agencies have also seized approximately $114,000 in virtual currency from these attacks. Andariel, affiliated with North Korea’s Reconnaissance General Bureau, targets foreign businesses and governments to obtain classified information. Exploiting known security flaws, the group employs various techniques, including phishing and “living-off-the-land” methods, to carry out its operations. Microsoft noted Andariel’s continuously evolving toolkit poses a persistent threat, particularly to sectors of interest to North Korean intelligence.
Microsoft highlights several notable malware tools used by North Korean state-sponsored hacking groups, including TigerRAT, SmallTiger, LightHand, ValidAlpha, and Dora RAT. These tools have been used against various sectors, with targeting evolving from South Korean financial institutions to U.S. healthcare, the latter with ransomware like Maui.

According to Alex Rose from Secureworks, North Korea has shifted focus from intelligence gathering to revenue generation through cybercrime, blurring the lines between different cyber threat objectives. This shift is part of a broader strategy to counteract the country’s economic isolation and lack of domestic industry.