U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals
The U.S. Department of Justice on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the United States and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world.
"Rim Jong Hyok and his co-conspirators deployed ransomware to extort U.S. hospitals and health care companies, then laundered the proceeds to help fund North Korea's illicit activities," said Paul Abbate, deputy director of the Federal Bureau of Investigation.
Hyok, part of a hacking crew dubbed Andariel, is said to be behind extortion-related cyber attacks involving a ransomware strain called Maui, which was first disclosed in 2022 as targeting organizations in Japan and the U.S. The ransom payments were laundered through Hong Kong-based facilitators, converting the illicit proceeds into Chinese yuan, following which they were withdrawn from an ATM and used to procure virtual private servers that, in turn, were employed to exfiltrate sensitive defense and technology information.
The agencies have also announced the "interdiction of approximately $114,000 in virtual currency proceeds of ransomware attacks and related money laundering transactions, as well as the seizure of online accounts used by co-conspirators to carry out their malicious cyber activity."
"Onyx Sleet's ability to develop a spectrum of tools to launch its tried-and-true attack chain makes it a persistent threat, particularly to targets of interest to North Korean intelligence, like organizations in the defense, engineering, and energy sectors," noted Microsoft, which tracks Andariel as Onyx Sleet.
Andariel is just one of the myriad state-sponsored hacking crews operating under the direction of the North Korean government and military, alongside other clusters tracked as the Lazarus Group, BlueNoroff, Kimsuky, and ScarCruft.
News URL
https://thehackernews.com/2024/07/us-doj-indicts-north-korean-hacker-for.html