A U.S. grand jury indicted a North Korean national for his role in a conspiracy that used ransomware against hospitals and healthcare providers in the United States, only to then turn around and use the laundered proceeds to fund additional cyberattacks on defense, technology and government organizations worldwide.
The Justice Department announced on July 25 the indictment of Rim Jong Hyok, who is believed to be a member of North Korea's military intelligence agency Reconnaissance General Bureau (RGB), aka “Andariel,” “Onyx Sleet,” and “APT45.”
Rim and his co-conspirators in the RGB are alleged to have developed the custom "Maui" ransomware strain to use in the attacks, which the Justice Department said prevented victim healthcare providers from providing full and timely care to patients. After running the maui.exe program, the North Korean co-conspirators would extort the organization by leaving a note with a cryptocurrency address for ransom payment.
After laundering the payments through China-based facilitators, members of the threat group then used the proceeds to lease virtual private servers to hack two U.S. Air Force bases, NASA's Office of the Inspector General, as well as defense contractors in the U.S., Taiwan and South Korea, and a Chinese energy company.
One of the vulnerabilities used by Andariel was the Log4Shell exploit that has somehow gone unpatched on victims' networks, years after the vulnerability wreaked havoc on organizations worldwide.
The Justice Department and the FBI said they intercepted approximately $114,000 in virtual currency proceeds of ransomware attacks and related money laundering transactions, as well as the seizure of online accounts used by co-conspirators to carry out their malicious cyber activity.
The U.S. State Department also announced a $10 million reward for Rim's location or identification for his involvement in the hacking conspiracy.
The indictment was announced the same week that U.S. cybersecurity firm KnowBe4 announced that it was infiltrated by a North Korean hacker purporting to be a software engineer who was hired based on a deep-faked identity.
