United States Charges North Korean Hacker for Attacks on Hospitals and Healthcare
The United States is offering a $10 million reward for information leading to the arrest of suspected North Korean hacker Rim Jong Hyok after authorities indicted him for involvement in the regime’s Andariel hacking group.
Hyok was added to the FBI’s Ten Most Wanted Fugitives list and charged with conspiracy to commit computer hacking and money laundering. He is wanted for conspiring to use the Maui ransomware software “to conduct computer intrusions against U.S. hospitals and healthcare companies,” as well as government agencies and technology organizations in the U.S., South Korea and China.
Senior FBI and Justice Department officials told reporters Thursday the indictment highlights how North Korean hackers are using ransomware and other cyberespionage campaigns to advance their nuclear, military and currency-building operations. Hyok is accused of taking part in an attempted cyberattack targeting a Kansas hospital in May 2021. The hospital, which has not been identified, paid an estimated $100,000 to retrieve its data from the hackers after they successfully gained access to its encrypted files and servers. Officials said they have since recovered – and plan to return – those funds.
The Cybersecurity and Infrastructure Security Agency issued an advisory on Thursday saying that the U.S. cyber defense agency and domestic and international partners “believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide.”
The indictment comes a day after the cybersecurity firm Mandiant published a report revealing how the North Korean hacking group has expanded its cyber operations to target global healthcare, energy and financial sectors (see: Mandiant: North Korean Hackers Targeting Healthcare, Energy).
North Korean hackers “have demonstrated they’re willing and agile enough to target any entity to achieve their objectives, including hospitals,” said Michael Barnhart, Mandiant’s principal analyst.
North Korea is one of the few governments that engages in profit-driven hacking, which supports the regime’s weapons of mass destruction projects and supplies Pyongyang with hard currency. U.S. Treasury sanctions have targeted North Korean hackers such as Andariel, believed to be operated by the DPRK Reconnaissance General Bureau (see: Researchers: North Korean Hackers Gain Speed, Flexibility).
The United Kingdom’s National Cyber Security Center on Thursday issued an advisory about Andariel, warning that the hacking group has launched ransomware attacks “against U.S. healthcare organizations in order to extort payments and fund further espionage activity.”