The United States Department of State asserts that he is a member of a group that functions under the intelligence agency of North Korea.
Rim Jong Hyok, a North Korean intelligence operator, has been indicted on accusations of using ransomware to attack the computer systems of health providers in the United States, according to AP News. The grand jury held its proceedings in Kansas City. The United States Department of State has stated that Rim is a member of a group known as Andariel, which operates under the Reconnaissance General Bureau, North Korea's intelligence agency. The United States government does not have custody of Rim. The agency is currently offering a reward of ten million dollars for information that would lead to the location of either him or a foreign operative who “engages in certain malicious cyber activities against US critical infrastructure.”
In 2021, a medical center in Kansas reported to the Federal Bureau of Investigation (FBI) an attack that stopped personnel from managing hospital equipment with their computers and barred their access to patient files and lab test results. One of the most typical methods of operation used by Rim’s Andariel group is to compromise a computer system and then infect it with the Maui ransomware. The group would then confront its target with a demand for payment and threaten to disclose critical information if the target did not comply. In the case of the Kansas hospital, the group demanded a ransom of one hundred thousand dollars in Bitcoin, to be paid within forty-eight hours. The money the group received is said to have been used to purchase additional computers and servers in order to finance other hacks.
In the midst of Andariel’s attacks on healthcare providers in 2022, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury released a joint cybersecurity alert. “The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health,” they concluded in their report. Federal investigators stated that they traced the ransom paid by the Kansas medical institution across blockchains and discovered that someone had transferred the Bitcoin to an address that belonged to two individuals who were citizens of Hong Kong. According to court documents viewed by the Associated Press, the funds were subsequently transferred to a Chinese bank and withdrawn from an automated teller machine in China located close to the Sino-Korean Friendship Bridge, which connects China to North Korea.
It is alleged that Andariel and Rim infiltrated seventeen organizations located in eleven different states. These organizations include four defense contractors, two United States Air Force facilities, and NASA. According to reports, the group was able to remain within NASA's computer system for three months and take seventeen terabytes of sensitive material. In one of its operations, which targeted a United States defense contractor in November 2022, the State Department reported that the group was also able to extract more than thirty terabytes of data. This data includes information on the material used in United States military aircraft and satellites.