July 26th – U.S. federal prosecutors have announced that a North Korean military intelligence operative has been indicted in a conspiracy to hack into American military and critical infrastructure entities.
The operative, Rim Jong Hyok, stole classified information, installed ransomware, laundered money, and invested financial gains (ransom payments) into additional cyber threats that targeted defense, technology and government organizations.
Attack impact
The cyber crimes disrupted 17 entities across 11 U.S. states. Rim’s operations also affected defense and energy companies in China, Taiwan and South Korea.
Among an assortment of activities, Rim and other members of North Korea’s Reconnaissance General Bureau gained access to NASA’s computer system. The group members also infiltrated defense companies located in Michigan and California, along with assorted U.S. Air Force bases.
In 2021, this same group targeted a Kansas-based medical center, resulting in file encryption, inability to access patient files, and the inability to operate hospital infrastructure correctly. A healthcare provider in Colorado was also affected.
In some instances, ransom demands were paid in Bitcoin. Federal investigators were left to follow the money trail.
U.S. authorities also say that this group of cyber criminals has also been involved in North Korea’s illicit arms trade.
Reward offer
Rim is believed to live in North Korea and has previously worked for the nation’s military intelligence offices in both Pyongyang and Sinuiju.
Through its “Rewards for Justice” program, the U.S. is offering a reward of up to $10 million for any information that could lead to Rim or his associates.
For more on this story, visit Newsweek. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.