The United States government has announced a reward of up to $10 million for information leading to the identification or location of individuals engaging in malicious cyber activities against U.S. critical infrastructure under the direction or control of a foreign government.

Rim Jong Hyok, a national of the Democratic People’s Republic of Korea (DPRK), is associated with a notorious cyber group known as Andariel. Controlled by the DPRK’s military intelligence agency, the Reconnaissance General Bureau, Andariel is a key player in North Korea’s malicious cyber activities and illicit arms trade. Its targets include foreign businesses, government entities, and the defense industry.

Rim Jong Hyok and his accomplices have been implicated in hacking U.S. hospitals and healthcare providers, deploying Maui ransomware to encrypt computers and servers used for medical testing and electronic medical records. These attacks have significantly disrupted healthcare services, with the ransom payments funding further malicious cyber operations against U.S. government entities and defense contractors. One notable incident began in November 2022, when Andariel actors hacked a U.S.-based defense contractor, extracting over 30 gigabytes of data. This included unclassified technical information on materials used in military aircraft and satellites, much of which dated back to 2010 or earlier.

U.S. law enforcement has documented numerous instances of Andariel’s malicious activities, including attacks on five healthcare providers, four U.S.-based defense contractors, two U.S. Air Force bases, and NASA’s Office of Inspector General. These attacks highlight the extensive reach and impact of Andariel’s operations, posing significant threats to national security and critical infrastructure.

The reward announcement underscores the U.S. commitment to addressing and mitigating the DPRK’s malicious cyber activities. By offering substantial financial incentives for information, the Rewards for Justice (RFJ) program aims to prevent and disrupt North Korea’s ability to generate illicit revenue through cybercrime, which it uses to fund its unlawful weapons of mass destruction (WMD) and ballistic missile programs. This action is part of a broader strategy to enhance cybersecurity measures, safeguard critical infrastructure, and ensure the security of sensitive information. By targeting key figures and groups involved in these cyber activities, the U.S. aims to reduce the threat posed by state-sponsored cybercrime and protect national interests.

The U.S. Department of State’s Rewards for Justice program’s offer of up to $10 million for information on North Korean hackers linked to the Maui ransomware attacks is a significant step in the fight against cybercrime. By targeting individuals and groups responsible for these malicious activities, the U.S. is taking a proactive stance in protecting its critical infrastructure and national security. This reward not only incentivizes whistleblowers but also sends a strong message to cybercriminals about the serious consequences of their actions.