North Korean hackers extort hospitals to fund attacks on US government

Editor's Note

North Korean hackers targeted U.S. hospitals and healthcare systems with ransomware to fund a covert information exfiltration campaign against American military and scientific entities, according to a July 25 report from CBS News.

The first attack was a May 2021 ransomware infiltration of a hospital in Kansas. The hacking group Andariel, which is tied to North Korea’s military intelligence agency Reconnaissance General Bureau (RGB), demanded Bitcoin ransoms in exchange for decryption keys to unlock imaging systems and electronic document management servers. Since then, the attackers have targeted hospitals, clinics, and medical facilities in Arkansas, Connecticut, Florida, and Colorado, as well as a South Korean manufacturing company, CBS reports, citing federal investigators.

Rim Johg Kyok of North Korea is the only named defendant in the conspiracy. The State Department offers a $10 million reward for information leading to Rim or other members of the hacking group. The FBI seized over $600,000 in virtual currency proceeds, which will be returned to ransomware victims. Prosecutors told CBS the North Korean hackers targeted hospitals and health care companies aim to use ransom payments to buy internet servers to attack U.S., South Korean and Chinese government entities.

A new cybersecurity advisory warns that the cyber group primarily targets defense, aerospace, nuclear, and engineering entities to advance North Korea's military and nuclear programs. They also targeted NASA, Randolph Air Force Base, and a Massachusetts defense contractor, stealing significant amounts of unclassified data. The hackers also hit defense companies in Taiwan and South Korea, continuing their activities into 2023. The UK's National Cyber Security Centre also warned of Andariel's global targeting of organizations to steal classified information and intellectual property.