A US grand jury has indicted a North Korean national for his role in a conspiracy to use ransomware against US hospitals and healthcare providers, then launder the proceeds to fund further cyber attacks against defense, technology and government organizations around the world.
On July 25, the Department of Justice announced the indictment of Lim Jeong-hyok, a suspected member of North Korea’s military intelligence agency, the Reconnaissance General Bureau (RGB), whose hacking unit is tracked as Andariel, Onyx Sleet and APT45.
Lim and his RGB co-conspirators allegedly developed custom “Maui” ransomware for the attacks, which the Justice Department said prevented affected healthcare providers from delivering complete and timely medical care to their patients. After running the maui.exe program on a victim’s systems, the North Korean co-conspirators extorted the organization by leaving a note containing a cryptocurrency address for the ransom payment.
After laundering funds through China-based intermediaries, members of the threat group used the proceeds to lease virtual private servers to hack two US Air Force bases, the NASA Office of Inspector General, US, Taiwanese and South Korean defense contractors, and a Chinese energy company.
One of the vulnerabilities Andariel exploited was Log4Shell, which still remains unpatched on some victim networks years after it wreaked havoc on organizations around the world.
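The Log4Shell point above is a patch-hygiene problem, so the check a defender wants is an inventory of log4j-core JARs still sitting on hosts. The following script is an added example, not code from the article or from any of the organizations it mentions: it walks a directory tree, reads each log4j-core JAR’s Implementation-Version from its manifest (falling back to the file name), checks whether the JndiLookup class is still present, and flags anything on the 2.x line below 2.17.1, the version Apache recommends as the fully fixed release. The sample JARs it scans are constructed in a temporary directory and are not real artifacts; the 2.17.1 threshold is an assumption chosen here and should be adjusted to the organization’s own baseline.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Assumption: treat any log4j-core 2.x below 2.17.1 as needing an upgrade.
MIN_FIXED = (2, 17, 1)
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NAME_RE = re.compile(r"^log4j-core-(\d+\.\d+(?:\.\d+)?)")


def parse_version(version):
    """Turn '2.14.1' or '2.0-beta9' into a comparable (major, minor, patch) tuple."""
    core = version.split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def jar_version(jar_path):
    """Read Implementation-Version from META-INF/MANIFEST.MF, else parse the file name."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        for line in manifest.splitlines():
            if line.startswith("Implementation-Version:"):
                return line.split(":", 1)[1].strip()
    except (zipfile.BadZipFile, KeyError):
        pass
    match = NAME_RE.match(Path(jar_path).name)
    return match.group(1) if match else None


def has_jndi_lookup(jar_path):
    """True if the JndiLookup class is still inside the JAR (i.e. not removed as a mitigation)."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            return JNDI_CLASS in zf.namelist()
    except zipfile.BadZipFile:
        return False


def scan(root):
    """Return one finding per log4j-core JAR found under root."""
    findings = []
    for path in sorted(Path(root).rglob("log4j-core-*.jar")):
        version = jar_version(path)
        outdated = version is not None and parse_version(version) < MIN_FIXED
        jndi = has_jndi_lookup(path)
        findings.append({
            "path": str(path),
            "version": version,
            "jndi_lookup_present": jndi,
            # Only outdated JARs that still ship JndiLookup are flagged as vulnerable.
            "vulnerable": outdated and jndi,
        })
    return findings


def make_sample_tree():
    """Constructed sample: three fake log4j-core JARs with manifests, not real Apache builds."""
    root = Path(tempfile.mkdtemp(prefix="log4j-scan-"))
    samples = [
        ("app1/lib/log4j-core-2.14.1.jar", "2.14.1", True),   # old, JndiLookup present
        ("app2/lib/log4j-core-2.17.1.jar", "2.17.1", True),   # current release
        ("app3/lib/log4j-core-2.14.1.jar", "2.14.1", False),  # old, but class removed
    ]
    for rel, version, include_jndi in samples:
        jar = root / rel
        jar.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(jar, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF",
                        f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
            if include_jndi:
                zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    return root


if __name__ == "__main__":
    for finding in scan(make_sample_tree()):
        status = "VULNERABLE" if finding["vulnerable"] else "ok"
        print(f'{status:10} {finding["version"]:8} {finding["path"]}')
```

Running it against a real host means pointing scan() at application directories (or a mounted image) rather than the constructed tree; JARs nested inside WAR or EAR archives are not unpacked here and would need an extra pass.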
The Department of Justice and the FBI announced that they had seized approximately $114,000 worth of cryptocurrency obtained from the ransomware attacks and related money laundering transactions, as well as online accounts used by the conspirators to carry out their malicious cyber activity.
The State Department also announced a reward of up to $10 million for information identifying Lim or his location in connection with the hacking conspiracy.
The indictment was announced the same week that US cybersecurity firm KnowBe4 said it had been infiltrated by North Korean hackers posing as software engineers who had been hired based on deepfake identities.