US government launches appeal to take down one of the most notorious North Korean hackers around

North Korean flag made of binary code
(Image credit: Shutterstock)

A North Korean hacker who attacked US healthcare organizations with ransomware attacks and then used the financial returns to steal sensitive data from tech and defense companies around the world has been indicted by a grand jury in Kansas City, Kansas.

Rim Jong Kyok remains at large in North Korea, with the indictment standing as a demonstration that the US “will continue to deploy all the tools at our disposal to disrupt ransomware attacks, hold those responsible to account, and place victims first,” according to Deputy Attorney General Lisa Monaco.

“Today’s criminal charges against one of those alleged North Korean operatives demonstrates that we will be relentless against malicious cyber actors targeting our critical infrastructure,” Monaco stated.

Circumventing sanctions and fueling regime ambitions

Court documents show that Rim, along with others he collaborated with, worked for North Korea’s Reconnaissance General Bureau. This bureau works as a military intelligence agency that is tracked by cybersecurity firms as “Andariel,” “Onyx Sleet,” and “APT45.”

The group used a custom malware developed by North Korea known as “Maui” to target hospitals and other healthcare providers. Once the ransom was paid, the funds would be laundered through firms based in Hong Kong, converted into Chinese yuan, and then withdrawn from an ATM in the vicinity of the Sino-Korean Friendship Bridge, which connects the borders of Dandong, China, and Sinuiju, North Korea.

These funds would then be used to purchase internet infrastructure to be used in the exfiltration of data from military and governmental institutions across the globe, including a further two US Air Force bases, NASA-OIG, and multiple entities in Taiwan, South Korea, and China.

“Today’s indictment underscores our commitment to protecting critical infrastructure from malicious actors and the countries that sponsor them,” said U.S. Attorney Kate E. Brubacher for the District of Kansas. “Rim Jong Hyok and those in his trade put people’s lives in jeopardy. They imperil timely, effective treatment for patients and cost hospitals billions of dollars a year. The Justice Department will continue to disrupt nation-state actors and ensure that American systems are protected in the District of Kansas and across our nation.”

The UK’s National Cyber Security Center issued a joint warning with its partners in the US and Republic of Korea to warn against North Korea’s targeting of critical infrastructure to steal military and nuclear secrets.

Paul Chichester, NCSC Director of Operations, said, “The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes.”

“It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.” 

“The NCSC, alongside our US and Korean partners, strongly encourage network defenders to follow the guidance set out in this advisory to ensure they have strong protections in place to prevent this malicious activity,” Chichester concluded.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
Hacker silhouette working on a laptop with North Korean flag on the background
FBI claims North Korean workers are hacking the US companies which hired them
Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns
North Korean flag with a hooded hacker
North Korean hackers are posing as software development recruiters to target freelancers
North Korean flag with a hooded hacker
FBI says North Korean Lazarus hackers were behind $1.5 billion Bybit crypto hack
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
North Korean Lazarus hackers launch large-scale cyberattack by cloning open source software
Latest in Pro
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
Context Windows
Why are AI context windows important?
BERT
What is BERT, and why should we care?
A person holding out their hand with a digital AI symbol.
AI is booming — but are businesses seeing real impact?
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does