Security News > 2024 > July > U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals
The U.S. Department of Justice on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world.
"Rim Jong Hyok and his co-conspirators deployed ransomware to extort U.S. hospitals and health care companies, then laundered the proceeds to help fund North Korea's illicit activities," said Paul Abbate, deputy director of the Federal Bureau of Investigation.
Hyok, part of a hacking crew dubbed Andariel, is said to be behind extortion-related cyber attacks involving a ransomware strain called Maui, which was first disclosed in 2022 as targeting organizations in Japan and the U.S. The ransom payments were laundered through Hong Kong-based facilitators, converting the illicit proceeds into Chinese yuan, following which they were withdrawn from an ATM and used to procure virtual private servers that, in turn, were employed to exfiltrate sensitive defense and technology information.
The agencies have also announced the "Interdiction of approximately $114,000 in virtual currency proceeds of ransomware attacks and related money laundering transactions, as well as the seizure of online accounts used by co-conspirators to carry out their malicious cyber activity."
"Onyx Sleet's ability to develop a spectrum of tools to launch its tried-and-true attack chain makes it a persistent threat, particularly to targets of interest to North Korean intelligence, like organizations in the defense, engineering, and energy sectors," the Windows maker noted.
Ariel is just one of the myriad state-sponsored hacking crews operating under the direction of the North Korean government and military, alongside other clusters tracked as the Lazarus Group, BlueNoroff, Kimsuky, and ScarCruft.
News URL
https://thehackernews.com/2024/07/us-doj-indicts-north-korean-hacker-for.html
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)