NASA data breach: US offers $10M for North Korean hacker
Rim Jong Hyok, a North Korean military intelligence operative, has been indicted by a federal grand jury in Kansas City, Kansas. The indictment alleges that Hyok hacked into various American and global entities including NASA, military bases in the US, and defense and energy companies in Taiwan and South Korea. The charges include stealing sensitive details and deploying ransomware to generate funds for further cyberattacks.
Money laundering and further cyberattacks funded
In addition to hacking, Hyok is charged with laundering money through a Chinese bank. The laundered funds were used to purchase servers and finance additional attacks on technology, defense, and government entities worldwide. Federal prosecutors claim that Hyok, in cooperation with other members of the Andariel Unit (APT45) of North Korea's Reconnaissance General Bureau, targeted 17 entities across 11 US states. The Reconnaissance General Bureau was sanctioned by the US in 2015.
Impact of cyberattacks on US entities
The cyberattacks also disrupted patient treatment in US hospitals and other health care providers. Over 17GB of unclassified data were extracted from these entities. Defense companies in California and Michigan, as well as Randolph Air Force Base in Texas and Robins Air Force Base in Georgia, were infiltrated. The stolen data included details on missile defense systems, fighter aircraft, satellite communications, and radar systems.
FBI agent comments on North Korean cyber crimes
Stephen A. Cyrus, a Federal Bureau of Investigation (FBI) agent based in Kansas City, commented on the situation. He stated, "While North Korea uses these types of cyber crimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have a direct impact on the citizens of Kansas." Hyok remains at large and has previously resided in North Korea.
$10 million reward for information on Hyok
A reward of up to $10 million is being offered for details leading to Hyok or other operatives targeting critical US infrastructure. The US Justice Department has prosecuted multiple cases related to North Korean hacking, often highlighting a profit-driven motive. In 2021, three North Korean programmers were accused of various hacks, such as a destructive attack on an American movie studio and attempts to steal and extort over $1.3 billion from companies and banks worldwide.
Ransomware attack on Kansas medical center
The FBI was informed of Hyok's activities by a Kansas medical center, which was hit by attacks in May 2021. Hackers encrypted servers and files, preventing access to patient records, laboratory test results, and computers necessary for hospital operations. A health care provider in Colorado was also affected by ransomware. A ransom note sent to the Kansas hospital demanded Bitcoin payments, then valued at nearly $100,000, to a designated cryptocurrency address.
Tracing the ransom payment trail
Federal investigators tracked blockchains to follow the ransom payment trail. An unnamed co-conspirator transferred the Bitcoin to a virtual currency address belonging to two Hong Kong residents. The cryptocurrency was then converted into Chinese currency and transferred to a Chinese bank. The money was subsequently withdrawn from an ATM in China near the Sino-Korean Friendship Bridge connecting China and North Korea.
Stealing global military secrets to advance banned nuclear program
The US, Britain, and South Korea have also issued a joint advisory accusing the group of stealing classified military secrets to aid Pyongyang's prohibited nuclear weapons program. The advisory disclosed that the cyber unit has targeted or infiltrated computer systems at various defense or engineering firms. These include manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems.