The US Department of Justice has revealed details of an indictment against a North Korean military intelligence operative accused of targeting critical infrastructure within the United States. The individual in question, Rim Jong Hyok, is said to have carried out ransomware attacks on healthcare facilities and then used the ransom payments to facilitate further breaches of defense, technology, and government organizations worldwide. This activity is alleged to be a violation of the Computer Fraud and Abuse Act, as outlined in the indictment.
The indictment further asserts that the ransom payments obtained from the initial attacks were laundered through Hong Kong, where they were converted into Chinese yuan. The funds were then withdrawn from an ATM and utilized to purchase virtual private servers, enabling the exfiltration of sensitive defense and technology information. These actions demonstrate a calculated strategy to exploit vulnerabilities within target organizations.
Rim Jong Hyok is identified as a member of a hacking group known as Andariel, which is also tracked under other aliases such as APT45, Nickel Hyatt, Onyx Sleet, Silent Chollima, Stonefly, and TDrop2. The group is believed to have orchestrated cyberattacks utilizing a ransomware strain dubbed “Maui,” which specifically targeted entities in the US and Japan dating back to 2022. Notably, healthcare providers’ systems and servers used for medical testing or electronic medical records were primary focal points for these attacks.
Andariel operates under the control of North Korea’s military intelligence agency, the Reconnaissance General Bureau, which is known for engaging in illicit arms trading and perpetrating malicious cyber activities on behalf of the DPRK. The group’s operations extend beyond national borders, posing a persistent threat to various industry sectors worldwide, including in the United States, South Korea, Japan, and India, according to assessments by the National Security Agency.
In response to the nefarious activities attributed to Rim Jong Hyok and Andariel, the US Department of State’s Rewards for Justice (RFJ) program has announced a reward of up to $10 million for any information that could lead to the location of Rim Jong Hyok, other members of Andariel, or their co-conspirators. This reward underscores the seriousness with which the US government regards cyber threats and the importance of identifying and bringing to justice those responsible for such actions.
Overall, the unsealing of this indictment sheds light on the sophisticated tactics employed by foreign threat actors to compromise critical infrastructure and sensitive information. It serves as a reminder of the ongoing need for vigilance and collaboration among government agencies, industry partners, and cybersecurity experts to counter these evolving cybersecurity threats effectively.
