A North Korean military intelligence operative, Rim Jong Hyok, has been indicted in Kansas City, Kansas, for hacking into American health care providers, NASA, U.S. military bases, and international entities. The indictment accuses Rim of laundering money through a Chinese bank to fund more cyberattacks on defense, technology, and government entities worldwide. The attacks on American hospitals disrupted patient treatment, and Rim targeted 17 entities across 11 U.S. states, as well as defense and energy companies in China, Taiwan, and South Korea.

Rim and members of the Andariel Unit of North Korea’s Reconnaissance General Bureau accessed NASA’s computer system for over three months, extracting 17 gigabytes of unclassified data. They also breached defense companies in Michigan and California, as well as Randolph and Robins Air Force bases. The malware allowed the Andariel group to send stolen information to North Korean military intelligence, advancing the country’s military and nuclear goals by obtaining information on fighter aircraft, missile defense systems, and other sensitive data.

The FBI highlighted the impact of North Korea’s cyber crimes on the citizens of Kansas and the direct disruption caused by these attacks. The FBI is offering a reward of up to $10 million for information leading to Rim or other foreign government operatives targeting critical U.S. infrastructure. The Justice Department has prosecuted multiple cases related to North Korean hacking, emphasizing a profit-driven motive that distinguishes the nation’s cybercriminals from those in Russia and China.

A ransom note sent to a Kansas hospital demanded Bitcoin payments to unlock encrypted files, causing disruptions in patient care and hospital operations. Federal investigators followed the money by tracing the payments on the blockchain, leading to the seizure of approximately $500,000 in ransom payments in 2022. Rim’s arrest is unlikely, but the indictment may lead to sanctions that could prevent North Korea from collecting ransoms, potentially reducing the motivation for future cyber attacks on entities like hospitals.

An analyst with the cybersecurity firm Recorded Future, Allan Liska, emphasized that while sanctions may hinder North Korea’s ability to collect ransoms, they could lead the country to resort to cryptocurrency theft instead. Liska noted that a Chinese entity was among the victims, raising questions about China’s response to being targeted by North Korean cyber attacks. The hope is that disrupting ransom payments could deter future attacks on hospitals, reducing the impact of cyber crimes on critical infrastructure and citizens.
