North Korean Charged in Cyberattacks on US Hospitals, NASA & Military Bases


A North Korean military intelligence operative has been indicted for orchestrating a series of cyberattacks targeting U.S. hospitals, NASA, and military bases, federal prosecutors announced on Thursday.

Rim Jong Hyok, a member of the Andariel Unit within North Korea’s Reconnaissance General Bureau, faces charges of conspiracy to commit computer hacking and money laundering.

The indictment, issued by a grand jury in Kansas City, Kansas, alleges that Rim and his co-conspirators deployed ransomware attacks against U.S. healthcare providers, disrupting patient care and extorting ransom payments. The hackers then laundered the proceeds through Chinese facilitators to fund further cyberattacks on defense, technology, and government entities worldwide.

According to court documents, the Andariel group targeted at least 17 entities across 11 U.S. states, including NASA and two U.S. Air Force bases. In one instance, the hackers gained access to NASA’s computer system for over three months, extracting more than 17 gigabytes of unclassified data. The group also infiltrated defense contractors in Michigan and California, stealing sensitive information related to military aircraft, satellites, and other defense technologies.

The attacks on healthcare providers were particularly disruptive, with at least one Kansas hospital paying approximately $100,000 in Bitcoin to regain access to encrypted files and servers. The FBI later recovered this ransom payment along with funds from a Colorado healthcare provider affected by the same Maui ransomware variant.

Deputy Attorney General Lisa Monaco stated, “This latest action, in collaboration with our partners in the U.S. and overseas, makes clear that we will continue to deploy all the tools at our disposal to disrupt ransomware attacks, hold those responsible to account, and place victims first.”

The U.S. State Department is offering a reward of up to $10 million for information leading to the identification or location of Rim, who is believed to be in North Korea. The indictment highlights the growing threat of state-sponsored cyberattacks and their potential impact on critical infrastructure and national security.

In response to the attacks, U.S. authorities have seized approximately $600,000 in virtual currency proceeds and are working to return the funds to victim organizations. Additionally, private sector partners like Microsoft and Mandiant are implementing measures to block Andariel actors from accessing victims’ networks and are publishing research on the group’s tactics.

As the search for Rim continues, cybersecurity experts emphasize the need for organizations to remain vigilant and prioritize network security to protect against similar attacks in the future.
