Friday 26 July 2024

North Korean who used ransomware to attack US healthcare providers has been indicted

The State Department says he belongs to a group operating under North Korea's intelligence agency.

A grand jury in Kansas City has indicted Rim Jong Hyok, a North Korean intelligence operative who allegedly used ransomware to attack health providers' systems in the US, according to AP News. The State Department said Rim is part of a group called Andariel that's controlled by the North Korean intelligence agency, the Reconnaissance General Bureau. Rim is not in the US government's custody. The agency is now offering a $10 million reward for information that would lead to his location or the location of a foreign operative who "engages in certain malicious cyber activities against US critical infrastructure."

A Kansas medical center alerted the FBI about an attack that blocked personnel's access to patient files and lab test results, as well as prevented them from operating hospital equipment with their computers, was back in 2021. It's a common MO of Rim's Andariel group, which would infiltrate a computer system and infect it with Maui ransomware. The group would then ask their target for payment and would threaten to release sensitive information if they don't pay up. In the Kansas hospital's case, the group demanded a ransom in Bitcoin worth $100,000 within 48 hours. The group allegedly used the money it gets to buy more computers and servers to fund more cyberattacks.


By Mariella Moon.
Full story at Engadget.

No comments:

Post a Comment