US indicts North Korean hacker for major cyberattacks, offers $10mn reward

North Korean hacker Rim Jong Hyok has been accused of orchestrating major cyber attacks on US defense, Nasa, healthcare systems, and Asian companies

A United States federal grand jury in Kansas, has indicted a North Korean man Rim Jong Hyok, for allegedly orchestrating a series of cyberattacks targeting American military bases, defense contractors, National Aeronautics and Space Administration (Nasa), and several Asian companies. The Justice Department has offered a reward of up to $10 million for information leading to the capture of Hyok.

Federal prosecutors allege that Hyok, along with unnamed co-conspirators, stole vast amounts of sensitive data in 2022. Targets included four American defense contractors, Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia. Additionally, Nasa’s inspector general office was compromised over a three-month period.

Hyok is accused of deploying ransomware and laundering money through a Chinese bank to fund further cyberattacks. All these allegations are a violation of the Computer Fraud and Abuse Act in the United States.

The Andariel Unit of North Korea’s Reconnaissance General Bureau, which Hyok is associated with, allegedly targeted 17 entities across 11 US states. These included healthcare providers, disrupting patient treatments, and defense and energy companies in China, Taiwan, and South Korea. Over 17 gigabytes of unclassified data, including information on fighter aircraft and missile defense systems, were reportedly sent to North Korean military intelligence.

Stephen A Cyrus, an FBI agent based in Kansas City, remarked on the broader implications of these cybercrimes said, “While North Korea uses these types of cybercrimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have a direct impact on the citizens of Kansas.”

Rim Jong Hyok, believed to be residing in North Korea, remains at large. This indictment follows a series of prosecutions related to North Korea hacking, highlighting the profit-driven nature of these cybercriminals compared to their Russian and Chinese counterparts.

The indictment stems from an alert by a Kansas medical center in May 2021, which was hit by ransomware, encrypting files and servers crucial for hospital operations. A ransom note demanded Bitcoin payments worth approximately $100,000. Federal investigators traced the blockchain transactions, leading to the discovery that the ransom was laundered through a Chinese bank and accessed near the Sino-Korean Friendship Bridge, according to US media reports. In 2022, the FBI seized about $500,000 in ransom payments, including the full amount paid by the Kansas hospital.