Good Articles to Share

US charges North Korean with hacking NASA, halting medical care

Tan KW
Publish date: Fri, 26 Jul 2024, 08:42 AM

A North Korean military operative has been indicted for his alleged role in hacking American medical providers and NASA, and for using ransomware to extort organizations around the world, US prosecutors said Thursday.

Rim Jong Hyok is accused of laundering funds through a Chinese bank, then using that money to pay for cyberattacks against a range of international targets. As a member of North Korea’s Reconnaissance General Bureau intelligence agency, Hyok worked with other state-sponsored hackers to compromise NASA’s office of the inspector general, two US Air Force bases as well as organizations in Taiwan, South Korea and China, according to an indictment filed in a Kansas City, Kansas district court.

The North Korean government sponsored the hacks as part of a wider effort to target foreign agencies and companies to gain intelligence for its military and nuclear programs, according to US officials. The hackers also used a strain of ransomware called Maui to disable computers in the health sector, then demanded that victims pay an extortion fee in order to end the attack. That malware prevented victims from accessing X-ray systems and electronic document management systems, according to the indictment.

Attackers used the proceeds from their ransomware attacks to purchase internet infrastructure that they then used to conduct cyber-espionage, according to the charges.

The State Department has offered a reward of as much as US$10 million for information leading to the arrest of Hyok and other members of an arm of the Reconnaissance General Bureau. Hyok was last known to be located in North Korea, according to an FBI bulletin. An attorney for the defendant couldn’t immediately be located for comment.

The hackers used another previously unidentified malware script to infiltrate NASA’s computer networks for over three months, stealing over 17 gigabytes of data, according to the indictment. The group used the same virus to attack defense companies in Oregon and Michigan to steal information that included details on uranium and shipbuilding projects.   

In a separate joint advisory Thursday, the US, UK and South Korea said the RGB-affiliated hacking group Andariel, also called “Onyx Sleet,” “Silent Chollima” and “APT45,” is a threat to industries worldwide. Researchers at Microsoft Corp. and Mandiant Intelligence, a unit of Google Cloud, also published reports detailing the group’s campaigns.

The US has recently ramped up its efforts to crack down on North Korean espionage, including by sanctioning individuals and companies for illicitly raising money for the government in Pyongyang. In 2020, the Justice Department unsealed a 50-page indictment that accused more than two dozen North Korean and Chinese individuals of violating sanctions through an illegal global financial network to aid North Korea’s nuclear weapons and missile program.

North Korean workers have also been found to have secured remote work contracts with hundreds of US companies as part of a scheme to help fund North Korea’s illicit nuclear weapons and missile programs. The security firm KnowBe4 said in a blog post Tuesday that it unknowingly hired a North Korean man who downloaded malware onto the company’s platforms in mid-July. The hacker applied for the role with a stolen US identity, which was complete with an artificial intelligence-enhanced photo, the blog post said.

 


  - Bloomberg

 
