North Korean accused of cyberattacks on US hospitals, NASA and military bases



KANSAS CITY, Kansas – A North Korean military intelligence agent was indicted in a conspiracy to hack American health care providers, NASA, U.S. military bases and international entities, stealing sensitive information and installing ransomware to fund more attacks, federal prosecutors announced Thursday.

The indictment of Rim Jong Hyok by a grand jury in Kansas City, Kansas, accuses him of laundering the money through a Chinese bank and then using it to buy computer servers and finance more cyberattacks on defense, technology and government entities around the world.

The attacks on American hospitals and other health care providers have disrupted patient care, officials said. He is accused of attacking 17 entities in 11 US states, including NASA and US military bases, as well as defense and energy companies in China, Taiwan and South Korea.

For more than three months, Hyok and other members of the Andariel Unit of North Korea’s General Reconnaissance Office had access to NASA’s computer system, extracting more than 17 gigabytes of unclassified data, the indictment says. They also accessed computer systems at defense contractors in Michigan and California, as well as at Randolph Air Force Base in Texas and Robins Air Force Base in Georgia, authorities say.

The malware allowed the state-sponsored Andariel group to send stolen information to North Korean military intelligence, furthering the country’s military and nuclear aspirations, federal prosecutors said. They sought details of fighter jets, missile defense systems, satellite communications and radar systems, a senior FBI official said.

“While North Korea uses these types of cybercrimes to circumvent international sanctions and finance its political and military ambitions, the impact of these rampant acts has a direct impact on the citizens of Kansas,” said Stephen A. Cyrus, an agent with the FBI based in Kansas City.

Online court records do not list a lawyer for Hyok, who lived in North Korea and worked at the military intelligence agency’s offices in Pyongyang and Sinuiju, according to court records. A reward of up to $10 million has been offered for information that could lead to him or other foreign government agents targeting critical U.S. infrastructure.

The Justice Department has prosecuted several cases related to North Korean hackers, often alleging a for-profit motivation that differentiates the country’s cybercriminals from hackers in Russia and China. In 2021, for example, the department charged three North Korean computer programmers for a wide range of hacks, including a destructive attack targeting an American film studio and the attempted theft and extortion of more than $1.3 billion from banks and companies around the world.

In this case, the FBI was alerted by a Kansas medical center that was hit in May 2021. Hackers encrypted its files and servers, blocking access to patient files, laboratory test results, and computers needed to operate hospital equipment. A Colorado healthcare provider was affected by the same Maui ransomware variant.

A ransom note sent to the Kansas hospital demanded that Bitcoin payments valued at around $100,000 be sent to a cryptocurrency address.

“Otherwise, all your files will be published on the Internet, which can lead to loss of reputation and cause problems for your business,” says the note. “Please don’t waste your time! You only have 48 hours! After that, the main server will double its price.”

Federal investigators said they tracked blockchains to follow the money: An unidentified co-conspirator transferred Bitcoin to a virtual currency address belonging to two Hong Kong residents before it was converted into Chinese currency and transferred to a Chinese bank. The money was then accessed at an ATM in China near the Sino-Korean Friendship Bridge that connects China and North Korea, according to court records.

In 2022, the Justice Department said the FBI seized approximately $500,000 in ransom payments from the money laundering accounts, including the entire hospital ransom payment.

An arrest of Hyok is unlikely, so the biggest outcome of the indictment is that it could lead to sanctions that could harm North Korea’s ability to collect ransoms in this way, which could, in turn, eliminate the motivation to conduct cyberattacks on entities such as hospitals in the future, according to Allan Liska, an analyst at cybersecurity firm Recorded Future.

“Now, unfortunately, this will force them to steal more cryptocurrencies. So this will not interrupt their activity. But the hope is that we don’t have hospitals disrupted by ransomware attacks because they will know they can’t be paid,” Liska said.

He also noted that a Chinese entity was among the victims and questioned what the country, which is an ally of North Korea, thinks about being targeted.

“China can’t be too excited about this,” he said.

__

Goldberg reported from Minneapolis. Hollingsworth reported from Mission, Kansas. Associated Press reporter Alanna Durkin Richer contributed from Washington, D.C.



This story originally appeared on ABCNews.go.com.
