The US Department of Justice has unsealed an indictment of a North Korean military intelligence operative targeting US critical infrastructure.
The individual, Rim Jong Hyok, allegedly carried out ransomware attacks against healthcare facilities and used the ransom payments to fund further intrusions into defense, technology, and government organizations globally, in violation of the Computer Fraud and Abuse Act, according to the indictment.
The ransom payments were laundered through Hong Kong, where they were converted into Chinese yuan, withdrawn from an ATM, and then used to purchase virtual private servers in order to exfiltrate sensitive defense and technology information.
Rim Jong Hyok is part of a hacking crew known as Andariel (aka APT45, Nickel Hyatt, Onyx Sleet, Silent Chollima, Stonefly, and TDrop2) and is allegedly behind cyberattacks involving a ransomware strain called “Maui,” which has targeted organizations in the US and Japan since at least 2022. The group deploys this ransomware against healthcare providers’ systems, including servers used for medical testing or electronic medical records.
Andariel is controlled by DPRK’s military intelligence agency, the Reconnaissance General Bureau, which is involved in the DPRK’s illicit arms trade and responsible for its malicious cyber acts.
“This group poses an ongoing threat to various industry sectors worldwide, including, but not limited to, entities in the United States, South Korea, Japan, and India,” said the National Security Agency.
The US Department of State’s Rewards for Justice (RFJ) announced a reward of up to $10 million for information that could lead to the whereabouts of Rim Jong Hyok, Andariel, or co-conspirators.