Security News > 2024 > July > North Korean chap charged for attacks on US hospitals, military, NASA – and even China
The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals and healthcare providers, US defense companies, NASA, and even a Chinese target.
An indictment [PDF] named Rim Jong Hyok as a participant in "a conspiracy to hack and extort US hospitals and other health care providers, launder the ransom proceeds, and then use these proceeds to fund additional computer intrusions into defense, technology, and government entities worldwide."
The indictment mentions a pair of South Korean defense companies as targets, as well as a South Korean manufacturer.
Even a Chinese energy company became a target - an oddity, given North Korea depends on the People's Republic for patronage and resources.
"Onyx Sleet's ability to develop a spectrum of tools to launch its tried-and-true attack chain makes it a persistent threat, particularly to targets of interest to North Korean intelligence, like organizations in the defense, engineering, and energy sectors," in Microsoft's estimation.
"APT45 and activity clusters suspected of being linked to the group are strongly associated with a distinct genealogy of malware families separate from peer North Korean operators like TEMP.Hermit and APT43," Mandiant asserted, before noting that the group is North Kore''s most frequently-observed targeter of critical infrastructure.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/07/26/andariel_indictment_north_korea/
Related news
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- China has utterly pwned 'thousands and thousands' of devices at US telcos (source)
- Ransom gang claims attack on NHS Alder Hey Children's Hospital (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)