The US Department of State has announced a reward of up to $10 million for information on a North Korean national charged with hacking hospitals, military bases, and NASA.
The individual, Rim Jong Hyok, is an alleged member of the hacking group tracked as APT45, Andariel, DarkSeoul, Onyx Sleet (formerly Plutonium), Silent Chollima, and Stonefly/Clasiopa, which operates on behalf of a North Korean military intelligence agency, the Reconnaissance General Bureau.
The group, the US says, has been targeting foreign businesses, government entities, and the defense industry for cyberespionage and financial gain.
Rim was charged in a US court this week for his alleged role in the hacking of American healthcare organizations, NASA, and military bases, along with international entities and for laundering the illicit proceeds.
“Rim and others conspired to hack into the computer systems of U.S. hospitals and other healthcare providers, install Maui ransomware, and extort ransoms,” the Department of State said.
The illegally obtained funds, the US says, were then used to fuel North Korea’s cyber operations, which in turn fund the country’s arms race.
In one intrusion, which started in November 2022 and targeted a US-based defense contractor, the threat actors stole more than 30 gigabytes of data, including technical information on older military aircraft and satellite material.
Andariel hacked five healthcare providers, four defense contractors in the US, two Air Force bases, and NASA’s Office of Inspector General, the US says.
“We encourage anyone with information on the malicious cyber activity of Rim Jong Hyok, Andariel, and associated individuals, entities, and activities to contact Rewards for Justice via the Tor-based tips-reporting channel,” the Department of State noted.
The $10 million reward was announced on the same day that Mandiant published a detailed report on the threat actor’s activities. The Google Cloud-owned cybersecurity firm now tracks the hacking group as APT45.
On Thursday, government agencies in the US, Korea, and the UK published a joint advisory on the advanced persistent threat (APT) actor, sharing information on its malware, tactics, and victimology. Microsoft too published a blog post sharing its insights into the group’s activities.
Related: KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting Malware
Related: New North Korean Threat Actor Engaging in Espionage, Revenue Generation Attacks
Related: Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms
Related: US Says North Korean Hackers Exploiting Weak DMARC Settings
