Federal prosecutors announced Thursday that a North Korean military intelligence agency was behind cybercrimes impacting U.S. healthcare providers, military bases, NASA, and other entities.
Money Laundering and Cyber Attacks
Prosecutors accused Rim Jong Hyok of money laundering to access unlawful proceeds and then purchasing additional computer servers to allegedly unleash more cyberattacks on international technology, defense, and governmental entities.
Indictment in Kansas
A grand jury indicted Hyok in Kansas. He allegedly hacked 17 entities in 11 U.S. states and is implicated in hacks in the defense and energy industries in South Korea, Taiwan, and China.
Disrupted Healthcare Services
Hyok’s alleged cybercrimes in the U.S. included hacking hospitals and healthcare systems, leading to disrupted treatments for American patients.
NASA Cyber Attack
Prosecutors stated in the indictment that the hackers retained access to NASA’s computer system for over three months and that the criminals downloaded nearly twenty gigabytes of unclassified information.
Defense and Military Hacks
The perpetrators accessed defense company computer systems in Michigan and California and hacked Randolph Air Force Base in Texas and Robins Air Force Base in Georgia.
FBI Statement
Federal Bureau of Investigations (FBI) Agent Stephen A Cyrus from Kansas City said, “While North Korea uses these types of cyber crimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have an impact on the citizens of Kansas.”
Background of Hyok
Hyok has worked in North Korea’s military intelligence offices in Pyongyang and Sinuiju. Officials are offering a reward of up to $10 million for information about Hyok or the North Korean military intelligence agency.
Motivations Behind North Korean Cybercrimes
Cybercrimes perpetrated by North Korea differ from hacking cases from Russia and China in that North Korean hackers are usually motivated by profit rather than strictly intelligence missions.
Kansas Hospital System Hack
In the case leading to the indictment, prosecutors said that an undisclosed Kansas hospital system was hacked, and their files and servers encrypted in May 2021. To regain control of the servers and files, the hospital system paid a bribe of $100,000 in Bitcoin and reported the cyberattack to the FBI.
Colorado Healthcare Entity Hack
Similarly, a Colorado healthcare entity paid a bribe to recover data using the same ransomware after a cyberattack.
FBI Seizure of Funds
In pursuit of the perpetrators, the FBI seized accounts affiliated with the hackers and took possession of $600,000 the criminals had amassed from their attacks. Funds recovered will be returned to victims.
Theft and Extortion Charges
In another case, three North Korean computer programmers were charged with theft and extortion of $1.3 billion from banks and other businesses.
Dual Effect of Cyber Activity
While the attacks do generate considerable criminal activity, the dual effect of cyber activity is to gain information and intelligence for North Korean missions and activities.
