U.S. Indicts North Korean Hacker Rim Jong Hyok for Cyberattacks on Military and Healthcare Targets

On July 26, the United States indicted Rim Jong Hyok, a North Korean hacker, for orchestrating cyberattacks that compromised military and nuclear secrets. The indictment, announced by the Justice Department, charges Rim with conspiring to hack and extort U.S. hospitals and other healthcare providers.

These attacks involved laundering ransom payments and using the funds to finance further cyber intrusions into defense, technology, and government sectors globally. The U.S. government has offered a $10 million reward for information leading to Rim’s location or identification.

Rim Jong Hyok, along with his co-conspirators, allegedly operated under the North Korean intelligence agency Reconnaissance General Bureau and were part of a hacker collective known as Andariel, also referred to as Onyx Sleet and APT45.

The indictment details how Andariel targeted a range of entities, including five healthcare providers, four U.S. defense contractors, two U.S. Air Force bases, and NASA’s Office of Inspector General. Their attacks resulted in the theft of vast amounts of data, including unclassified government employee information and technical details related to military and nuclear projects.

The hackers also targeted and infiltrated networks of Taiwanese and South Korean defense contractors, as well as a Chinese energy company.

Their operations involved encrypting servers at U.S. hospitals and healthcare facilities, rendering crucial health records inaccessible until ransoms were paid. In one instance, a Kansas hospital received a ransom demand of approximately $100,000 in Bitcoin, with threats of publicizing the data if the payment was not made within 48 hours.

The indictment highlights the broader implications of such cyberattacks, emphasizing how they jeopardize critical infrastructure and disrupt healthcare services, costing billions of dollars annually.

In response, the U.S. has recovered $114,000 from the ransomware attacks and seized online accounts used by the hackers. The FBI, along with the Justice Department, is actively working to mitigate these threats and safeguard essential services.

North Korea’s reliance on cyber theft to support its missile and nuclear programs has been increasingly noted. The U.N. Security Council’s Panel of Experts reported that North Korea has generated around $3 billion from cyberattacks on cryptocurrency companies between 2017 and 2023.

Despite heavy international sanctions, Pyongyang has continued to exploit cyber capabilities to fund its illicit activities. The U.S. Treasury Department had previously sanctioned the Reconnaissance General Bureau in 2015, and ongoing efforts are focused on countering the threat posed by North Korean cyber operations.