Cyberattacks against US hospitals, NASA, and military locations are attributed to a North Korean military hacker.

Cyberattacks against US hospitals, NASA, and military locations are attributed to a North Korean military hacker.

Federal prosecutors revealed on Thursday that a North Korean military intelligence agent has been charged in connection with a plot to hack into international organizations, NASA, American health care providers, and U.S. military locations in order to steal confidential data and install ransomware to finance other attacks.

A grand jury in Kansas City, Kansas, indicted Rim Jong Hyok on charges of money laundering through a Chinese bank, using the proceeds to purchase computer servers and finance other assaults against government, defense, and technology organizations worldwide.

According to officials, the hacks on American hospitals and other healthcare organizations interfered with the way patients were treated. He is charged of attacking 17 organizations spread across 11 states in the United States, including NASA, American military installations, and defense and energy firms in China, Taiwan, and South Korea.

For more than three months, Rim and other members of the Andariel Unit of North Korea’s Reconnaissance General Bureau had access to NASA’s computer system, extracting over 17 gigabytes of unclassified data, the indictment says. They also reached inside computer systems for defense companies in Michigan and California, as well as Randolph Air Force base in Texas and Robins Air Force base in Georgia, authorities say.

The malware enabled the state-sponsored Andariel group to send stolen information to North Korean military intelligence, furthering the country’s military and nuclear aspirations, federal prosecutors said. They’ve gone after details of fighter aircraft, missile defense systems, satellite communications and radar systems, a senior FBI official said.

“While North Korea uses these types of cyber crimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have a direct impact on the citizens of Kansas,” said Stephen A. Cyrus, an FBI agent based in Kansas City.

Online court records do not list an attorney for Rim, who has lived in North Korea and worked at the military intelligence agency’s offices in both Pyongyang and Sinuiju, according to court records. A reward of up to $10 million has been offered for information that could lead to him or other foreign government operatives who target critical U.S. infrastructure.

The Justice Department has prosecuted multiple cases related to North Korean hacking, often alleging a profit-driven motive that sets the nation’s cybercriminals apart from hackers in Russia and China. In 2021, for instance, the department charged three North Korean computer programmers in a broad range of hacks including a destructive attack targeting an American movie studio and the attempted theft and extortion of more than $1.3 billion from banks and companies around the world.

In this case, the FBI was alerted by a Kansas medical center that was hit in May 2021. Hackers had encrypted its files and servers, blocking access to patient files, laboratory test results and computers needed to operate hospital equipment. A Colorado health care provider was affected by the same Maui ransomware variant.

A ransom note sent to the Kansas hospital demanded Bitcoin payments valued then at about $100,000, to be sent to a cryptocurrency address.

“Otherwise all of your files will be posted in the Internet which may lead you to loss of reputation and cause the troubles for your business,” the note reads. “Please do not waste your time! You have 48 hours only! After that the Main server will double your price.”

Federal investigators said they traced blockchains to follow the money: An unnamed co-conspirator transferred the Bitcoin to a virtual currency address belonging to two Hong Kong residents before it was converted into Chinese currency and transferred to a Chinese bank. The money was then accessed from an ATM in China next to the Sino-Korean Friendship Bridge connecting China and North Korea, according to court records.

In 2022, the Justice Department said the FBI seized approximately $500,000 in ransom payments from the money laundering accounts, including the entire ransom payment from the hospital.

An arrest of Rim is unlikely, so the biggest outcome of the indictment is that it may lead to sanctions that could cripple the ability of North Korea to collect ransoms this way, which could in turn remove the motivation to conduct cyber attacks on entities like hospitals in the future, according to Allan Liska, an analyst with the cybersecurity firm Recorded Future.

Sadly, that will now compel them to steal more cryptocurrency. Therefore, it won’t cease their activity. However, the expectation is that hospitals won’t be affected by ransomware attacks as they will be aware that they are unpaid, according to Liska.

In addition, he mentioned that one of the fatalities was from China, raising the question of what the North Korean ally thought of its targeting.

“China can’t be too thrilled about that,” he stated.

Leave a Reply

Your email address will not be published. Required fields are marked *