US Government Indicts North Korean Hacker Rim Jong Hyok, Offers $10M Reward

A grand jury in Kansas City has indicted Rim Jong Hyok, a North Korean intelligence operative who allegedly used ransomware to attack critical systems in the US. The State Department has offered a $10 million bounty for information on his location. Learn more about the case and the growing threat of North Korean cybercriminals.

July 29, 2024

Cybercrime

  • The US State Department has announced a $10 million reward for information on a North Korean national who allegedly hacked military bases, hospitals, and other government infrastructure.
  • In a joint advisory, the FBI (Federal Bureau of Investigation), CISA (the US Cybersecurity and Infrastructure Security Agency), and the NSA (National Security Agency) have warned about a cyber-espionage group working with North Korea’s foreign intelligence service, of which Rim Jong Hyok is said to be a member.

The US government has indicted Rim Jong Hyok, a North Korean hacker, for allegedly participating in a campaign to use ransomware against critical American infrastructure. The hacker is said to be a member of North Korea’s Reconnaissance General Bureau. The attacks are said to have impacted healthcare units, military installations, and even bodies such as NASA (National Aeronautics and Space Administration).

The Indictment

According to court documents, the hacker group APT45/Andariel targeted critical infrastructure by accessing computer systems and deploying ransomware, which blocked access to crucial files and operating systems. Rim Jong Hyok is thought to be a significant participant in the group.

Ransom funds were traced through various channels, including Chinese banks, indicating a complex money laundering operation. The indictment highlights the heightened capabilities of North Korean cyber operations, which are believed to support the country militarily and politically.

Andariel and Rim have been accused of infiltrating 17 entities across 11 US states, including four defense contractors, two US Air Force bases, and NASA. This includes the theft of several gigabytes of classified data, including bills of materials, contract specifications, design drawings, project details, and engineering documents.


A Hefty Reward

Andariel has been active for several years. Researchers at Mandiant believe the group has been operational since 2009. Microsoft says it first spotted the group in 2014. The group has targeted organizations in several critical sectors, including aerospace, defense, financial services, energy, health care, and transportation.

In response to the attacks, the US State Department has announced a reward of up to $10 million for information that could lead to the identification or capture of Rim Jong Hyok, as part of the Rewards for Justice program, which aims to mitigate cyber threats from state-sponsored actors.

A Growing North Korean Threat

Multiple reports from cybersecurity firms and government agencies have identified North Korean hackers as a significant threat to global cybersecurity. For instance, Mandiant’s report on APT45 outlines the group’s sophisticated methods and an extensive list of targets.

Similarly, a joint cybersecurity advisory from the US, UK, and South Korea has highlighted the ongoing threat posed by North Korea-based cyber operations, which often aim to circumvent international sanctions and fund the country’s activities, including its military and nuclear programs.

According to a UN report, North Korean hackers have been involved in almost 60 cyberattacks on cryptocurrency companies alone, stealing an estimated $3 billion.

The US has ramped up its efforts to counter North Korean espionage. This includes sanctions on individuals and companies that have raised money for Pyongyang. The Justice Department has unsealed an indictment accusing dozens of North Korean and Chinese individuals of violating sanctions through illegal financial networks.

North Korean workers have also been found to have secured remote work contracts with hundreds of US companies in order to illicitly fund North Korea’s nuclear weapons and missile programs. Security firm KnowBe4 has stated that it unknowingly hired a North Korean man who downloaded malware onto the company’s systems.

Notable attacks by North Korean hackers

Some of the significant cyberattacks attributed to North Korean groups include:

  • Sony Pictures Hack (2014): This high-profile attack leaked confidential data and temporarily shut down Sony’s network.
  • Bangladesh Bank Heist (2016): This was a sophisticated cyber theft in which hackers attempted to steal $1 billion from Bangladesh Bank’s account at the Federal Reserve Bank of New York, successfully transferring $81 million.
  • WannaCry Ransomware Attack (2017): A global ransomware attack that affected hundreds of thousands of computers in over 150 countries, targeting critical infrastructure and causing widespread disruption.

Takeaways

The indictment marks a significant step in the US’s efforts to prevent cybercrime and hold malicious actors accountable. As adversarial foreign cyber threats evolve, strong cybersecurity measures and international cooperation will become necessary to protect critical infrastructure and maintain global security.


Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.