North Korean Man Charged in Hacking Case that Hit NASA, Hospitals
A North Korean man is indicted in a widespread hacking case that federal officials say exposes some of the cyber techniques used by the government of North Korea.
The suspect, Rim Jong Hyok, is alleged to be one of the ringleaders of a hacking gang that worked for North Korea’s military intelligence agency. The group was known in the private sector as “Andariel,” “Onyx Sleet,” and “APT45,” and started out by attacking hospitals with ransomware.
The criminal charges were filed three years after federal officials first disrupted the attacks.
“Today’s criminal charges against one of those alleged North Korean operatives demonstrates that we will be relentless against malicious cyber actors targeting our critical infrastructure,” said Deputy Attorney General Lisa O. Monaco.
Scheme Started with Hospitals, Expanded to Federal Targets
Prosecutors say the group hacked into U.S. hospitals and healthcare providers using ransomware known as “Maui.” The group encrypted files, demanding ransom payments in cryptocurrency to unlock them, with the attacks disrupting the ability of the hospitals to provide for patients.
Once the ransom was paid, the group laundered the money in China and used the proceeds to buy virtual private servers, which were then used to launch a variety of cyber-attacks against U.S. and foreign targets.
Among those hit: two U.S. Air Force bases, the National Aeronautics and Space Administration (NASA), U.S. defense companies, South Korean and Taiwanese defense companies, and a Chinese energy company.
In the case of NASA, the gang obtained access to NASA’s computer system for several months, specifically the portal for NASA’s Office of Inspector General (OIG).
Prosecutors say in total the group stole “terabytes” of information including unclassified U.S. government employee information, old technical information related to military aircraft, intellectual property, and limited technical information pertaining to maritime and uranium processing projects.
“The indictment of individuals responsible for breaching U.S. government systems, regardless of their location, demonstrates the dedication of the National Aeronautics and Space Administration Office of Inspector General (NASA-OIG), the Justice Department, and our law enforcement partners to relentlessly investigate, prosecute, and hold accountable those who believe they can operate in the shadows,” said Assistant Inspector General for Investigations Robert Steinau of NASA-OIG.
Rim is at large and believed to be in North Korea. The Department of State is offering a $10 million reward for information leading to his arrest.
“This action underscores the United States’ continued efforts to address the DPRK’s malicious cyber activity against critical infrastructure as well as prevent and disrupt the DPRK’s ability to generate illicit revenue through malicious cyber activity, which it uses to fund its unlawful WMD and ballistic missile programs,” said the reward notice.
The Federal Bureau of Investigation (FBI) is continuing to investigate Andariel.
The Air Force Office of Special Investigations, the Department of Defense Cyber Crime Center, and NASA-OIG provided valuable assistance.