North Korean charged in ransomware attacks on American hospitals

KANSAS CITY, Kan. (AP) — A man who allegedly carried out cybercrimes for a North Korean military intelligence agency has been indicted in a conspiracy to hack American health care providers, NASA, military bases and other international entities, federal prosecutors announced Thursday.

Rim Jong Hyok was indicted by a grand jury in Kansas City, Kansas. He’s accused of using money launderers to cash out the illicit proceeds, which he then allegedly used to buy computer servers and fund more cyber attacks on defense, technology and government entities around the world.

The hack on American hospitals on other health care providers disrupted the treatment of patients, officials said. He’s accused of attacks on a total of 17 entities in 11 U.S. states including NASA and military bases as well as defense and energy companies in China, Taiwan and South Korea.

The hackers gained access for more than three months to NASA’s computer system, extracting over 17 gigabytes of unclassified data, the indictment says. They were also able to gain access to computer systems for defense companies in places like Michigan and California along with Randolph Air Force base in Texas and Robins Air Force base in Georgia, authorities say.

RELATED COVERAGE Trash dropped by a North Korean balloon falls on South Korea’s presidential compound Belarus’ foreign minister arrives in North Korea for talks expected to focus on Russia cooperation South Korea boosts border propaganda broadcasts after North Korea flies more trash balloons

“While North Korea uses these types of cyber crimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have a direct impact on the citizens of Kansas,” said Stephen A. Cyrus, an FBI agent based in Kansas City.

Online court records do not list an attorney for Hyok, who has lived in North Korea and worked at the military intelligence agency’s offices in both Pyongyang and Sinuiju, according to court records. A reward of up to $10 million has been offered for information that could lead to him or other members of the Andariel Unit of the North Korean government’s Reconnaissance General Bureau, a military intelligence agency.

Justice Department officials said hackers encrypted the files and servers of a Kansas hospital, which they did not identify, in May 2021. The hospital paid about $100,000 in Bitcoin to get its data back, and alerted the FBI. A Colorado health care provider also paid up after it was affected by the same Maui ransomware variant.

The FBI was able to seize online accounts used by the hacking group along with more than $600,000 in proceeds from the ransomware attacks, which have or will be returned to victims, a senior FBI official told reporters.

The Justice Department has brought multiple criminal cases related to North Korean hacking in recent years, often alleging a profit-driven motive that differentiates the activity from that of hackers in Russia and China.

In 2021, for instance, the department charged three North Korean computer programmers in a broad range of global hacks, including a destructive attack targeting an American movie studio, and in the attempted theft and extortion of more than $1.3 billion from banks and companies.

Hyok allegedly conspired to use ransomware software to conduct cyberespionage hacks against American hospitals and other government and technology entities in South Korea, and China.

The hacks are part of North Korean effort to collect information that furthers the country’s military and nuclear aspirations, federal prosecutors said.

__

Goldberg reported from Minneapolis. Durkin Richer reported from Washington, D.C.