US charges North Korean hacker for hospital ransomware attacks

July 27, 2024

TLDR:

  • The U.S. DoJ indicted a North Korean hacker for ransomware attacks on hospitals
  • The hacker, Rim Jong Hyok, is part of a group called Andariel and is accused of laundering ransom proceeds to fund North Korea’s activities

The U.S. Department of Justice has unsealed an indictment against a North Korean military intelligence operative, Rim Jong Hyok, for carrying out ransomware attacks against healthcare facilities in the U.S. The attacks were allegedly orchestrated by a hacking crew called Andariel and involved extorting U.S. hospitals and healthcare companies using a ransomware strain called Maui. The payments from these attacks were laundered through Hong Kong-based facilitators to fund further intrusions into defense, technology, and government entities worldwide. Alongside the indictment, the U.S. Department of State announced a reward of up to $10 million for information on Hyok’s whereabouts or on other individuals involved in the malicious activities.

Andariel, affiliated with North Korea’s Reconnaissance General Bureau 3rd Bureau, has a track record of targeting foreign businesses, governments, and defense industries for sensitive information. The group utilizes a variety of malware distribution vectors, including phishing emails and known N-day security flaws, to gain initial access to target networks. They fund their espionage activities through ransomware operations against U.S. healthcare entities and are known for using native tools and processes on systems for reconnaissance, data exfiltration, and lateral movement.

Other state-sponsored hacking crews attributed to North Korea, such as Lazarus Group, BlueNoroff, Kimsuky, and ScarCruft, operate with similar objectives of gathering intelligence and generating revenue through cybercriminal activities. These groups have evolved over the years to blur the lines between intelligence gathering and money-making efforts, targeting various industry sectors worldwide and posing an ongoing threat to national security and economic interests.
