Security News > 2024 > July > U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals
The U.S. Department of Justice on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world.
"Rim Jong Hyok and his co-conspirators deployed ransomware to extort U.S. hospitals and health care companies, then laundered the proceeds to help fund North Korea's illicit activities," said Paul Abbate, deputy director of the Federal Bureau of Investigation.
Hyok, part of a hacking crew dubbed Andariel, is said to be behind extortion-related cyber attacks involving a ransomware strain called Maui, which was first disclosed in 2022 as targeting organizations in Japan and the U.S. The ransom payments were laundered through Hong Kong-based facilitators, converting the illicit proceeds into Chinese yuan, following which they were withdrawn from an ATM and used to procure virtual private servers that, in turn, were employed to exfiltrate sensitive defense and technology information.
The agencies have also announced the "Interdiction of approximately $114,000 in virtual currency proceeds of ransomware attacks and related money laundering transactions, as well as the seizure of online accounts used by co-conspirators to carry out their malicious cyber activity."
"Onyx Sleet's ability to develop a spectrum of tools to launch its tried-and-true attack chain makes it a persistent threat, particularly to targets of interest to North Korean intelligence, like organizations in the defense, engineering, and energy sectors," the Windows maker noted.
Ariel is just one of the myriad state-sponsored hacking crews operating under the direction of the North Korean government and military, alongside other clusters tracked as the Lazarus Group, BlueNoroff, Kimsuky, and ScarCruft.
News URL
https://thehackernews.com/2024/07/us-doj-indicts-north-korean-hacker-for.html
Related news
- North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (source)
- London hospitals left in critical condition after ransomware attack (source)
- Major London hospitals disrupted by Synnovis ransomware attack (source)
- Qilin ransomware gang linked to attack on London hospitals (source)
- London hospitals face blood shortage after Synnovis ransomware attack (source)
- London hospitals cancel over 800 operations after ransomware attack (source)
- Japan warns of attacks linked to North Korean Kimsuky hackers (source)
- Microsoft links Scattered Spider hackers to Qilin ransomware attacks (source)
- KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack (source)
- US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks (source)