Proceeds from ransomware attacks were laundered and then used to fund further computer attacks against government agencies, military bases and defense companies, according to the Department of Justice.
Charging documents list a number of targets, including the Kansas hospital, which suffered a ransomware attack in May 2021, and healthcare groups and organizations in Arkansas, Connecticut, Florida and Colorado, as well as a South Korean manufacturing company. NASA, Randolph Air Force Base in Texas and Robins Air Force Base in Georgia were listed as in court documents as having had data stolen, as were four U.S.-based defense companies, a Chinese energy company, a Taiwanese defense company and two South Korean defense companies.
Rim Jong Hyok, who a news release from the Department of State said was associated with a malicious cyber group named “Andariel” connected to the North Korean military intelligence agency, the Reconnaissance General Bureau, was charged with one count of conspiracy and one count of conspiracy to commit money laundering in U.S. District Court in Kansas City, Kansas. Rim lived in North Korea and worked in the offices of the RGB in Pyongyang and Sinuiju, according to court documents.
“Today’s indictment underscores our commitment to protecting critical infrastructure from malicious actors and the countries that sponsor them,” said District of Kansas U.S. Attorney Kate Brubacher in a statement Thursday. “Rim Jong Hyok and those in his trade put people’s lives in jeopardy. They imperil timely, effective treatment for patients and cost hospitals billions of dollars a year. The Justice Department will continue to disrupt nation-state actors and ensure that American systems are protected in the District of Kansas and across our nation.”
The attackers gained access to the Kansas hospital’s computer system and used malware to encrypt four servers: An intranet server, an X-ray and diagnostic imaging server, an electronic document management server and a sleep lab server, according to court documents. Medical services were limited and the facility had to cancel some patient appointments. A ransom note demanded two Bitcoin — about $100,000 at that time — for restored access to the servers.
Payments were made and those behind the ransomware restored access to the systems and files, according to court documents. An FBI investigation, which turned up more victims, determined that those behind the attacks were state-sponsored North Korean hackers.
Court documents say that in 2022, hackers gained access to a NASA computer system for more than three months and took more than 17 GB of unclassified data. They also infiltrated Randolph Air Force Base’s computer system for more than two weeks and pulled nearly 1 GB of unclassified data, and accessed Robins Air Force Base’s computer system for more than 10 days, taking more than 1 GB of unclassified data such as employee information and passwords, among other attacks.
The federal government is offering a reward of up to $10 million for information that helps find someone who acts under a foreign government to carry out a cyberattack on U.S. infrastructure. For more information, go to rewardsforjustice.net.
©2024 The Kansas City Star. Visit kansascity.com. Distributed by Tribune Content Agency, LLC.
