According to the indictment filed in a district court in Kansas, Hyok is accused of laundering funds through a Chinese bank, then using that money to pay for cyberattacks against a range of international targets.
As a member of North Korea's Reconnaissance General Bureau intelligence agency, Hyok worked with other alleged state-sponsored hackers to compromise the National Aeronautics and Space Administration (NASA) Office of Inspector General, two U.S. Air Force bases – Randolph Air Force Base in Texas and Robins Air Force Base in Georgia – and organizations in India, Japan, Taiwan, South Korea and China.
The North Korean government allegedly sponsored these cyber operations and is believed to be orchestrating a wider effort to target foreign agencies and companies to gain intelligence for its military and nuclear programs, according to U.S. officials.
The hackers used another previously unidentified malware script to infiltrate NASA's computer networks for over three months, stealing over 17 gigabytes of data, according to the indictment. The group used the same virus to attack defense companies in Oregon and Michigan to steal information that included details on uranium and shipbuilding projects.
The Department of State has offered a $10 million reward for information that can lead authorities to Hyok's arrest and the arrest of other members of North Korea's Reconnaissance General Bureau, one of its main military intelligence arms. Hyok is believed to be located in North Korea, but the intelligence on the matter is unclear.
Hyok and other hackers affiliated with him are alleged to be part of a cyber crime group known as Andariel or APT45. The cyber unit has targeted or breached computer systems at a broad variety of defense or engineering firms, including manufacturers of tanks, submarines, naval vessels, fighter aircraft and missile and radar systems.
Internationally isolated North Korea, known formally as the Democratic People's Republic of Korea (DPRK), has a long history of using covert hacking teams to steal sensitive military information.
To fund their operations, the hackers used ransomware to target U.S. hospitals and healthcare companies, U.S. officials allege. One of the ransomware incidents that Hyok is charged with involved a May 2021 hack against a Kansas-based hospital that paid ransom after the hackers encrypted four of its computer servers.
Hyok and his associates allegedly used a strain of ransomware called Maui to disable computers in the hospital, then demanded that it pay an extortion fee in order to end the attack. That malware prevented victims from accessing X-ray systems and electronic document management systems.
The hospital paid in bitcoin, which was transferred to a Chinese bank and then withdrawn from an ATM in Dandong, China, located right next to the Sino-Korean Friendship Bridge which connects the city to the North Korean border city of Sinuiju. The proceeds more than likely were used to purchase more internet infrastructure which is then used to conduct more cyber espionage operations.
Federal Bureau of Investigation (FBI) and Department of Justice (DOJ) officials told reporters they have seized some of the online accounts belonging to the hackers, including $600,000 in virtual currency that will be returned to victims of the ransomware attacks.
"The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programs," said Paul Chichester of the United Kingdom's National Cyber Security Center.
In a joint advisory, the U.S., U.K. and South Korea said the North Korea-affiliated hacking group Andariel, also called "Onyx Sleet," "Silent Chollima" and "APT45," is a threat to industries worldwide.
The U.S. has recently ramped up its efforts to crack down on North Korean espionage, including by sanctioning individuals and companies for illicitly raising money for the government in Pyongyang. In 2020, the Justice Department unsealed a 50-page indictment that accused more than two dozen North Korean and Chinese individuals of violating sanctions through an illegal global financial network set up to aid North Korea's nuclear weapons and missile program.