US charges North Korean hacker for hospital ransomware attacks

July 27, 2024
1 min read

TLDR:

  • The U.S. DoJ indicted a North Korean hacker for ransomware attacks on hospitals
  • The hacker, Rim Jong Hyok, is part of a group called Andariel and is accused of laundering ransom proceeds to fund North Korea’s activities

The U.S. Department of Justice has unsealed an indictment against a North Korean military intelligence operative, Rim Jong Hyok, for carrying out ransomware attacks against healthcare facilities in the U.S. The attacks were allegedly orchestrated by a hacking crew called Andariel and involved extorting U.S. hospitals and health care companies using a ransomware strain called Maui. The payments from these attacks were laundered through Hong Kong-based facilitators to fund further intrusions into defense, technology, and government entities worldwide. Alongside the indictment, the U.S. Department of State announced a reward of up to $10 million for information on Hyok’s whereabouts or other individuals involved in the malicious activities.

Andariel, affiliated with North Korea’s Reconnaissance General Bureau 3rd Bureau, has a track record of targeting foreign businesses, governments, and defense industries for sensitive information. The group utilizes a variety of malware distribution vectors, including phishing emails and known N-day security flaws, to gain initial access to target networks. They fund their espionage activities through ransomware operations against U.S. healthcare entities and are known for using native tools and processes on systems for reconnaissance, data exfiltration, and lateral movement.

Other state-sponsored hacking crews attributed to North Korea, such as Lazarus Group, BlueNoroff, Kimsuky, and ScarCruft, operate with similar objectives of gathering intelligence and generating revenue through cybercriminal activities. These groups have evolved over the years to blur the lines between intelligence gathering and money-making efforts, targeting various industry sectors worldwide and posing an ongoing threat to national security and economic interests.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and