North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers
2024-07-25 • USJustice
Attachments
hyok_filed_indictment.pdf (319 KB)
The U.S. Justice Department charged North Korean national Rim Jong Hyok over an alleged Andariel conspiracy to hack and extort U.S. hospitals and health care providers using Maui ransomware. Prosecutors say Rim and co-conspirators worked for North Korea’s Reconnaissance General Bureau and are tracked in the private sector as Andariel, Onyx Sleet, and APT45. The indictment alleges that ransom payments were laundered through China-based facilitators and used to lease virtual private servers for further intrusions against defense, technology, and government targets, including U.S. Air Force bases, NASA-OIG, South Korean and Taiwanese defense contractors, and a Chinese energy company. The actors allegedly exploited unpatched known vulnerabilities, including Log4Shell, and stole terabytes of data such as U.S. government employee information, military aircraft-related technical information, intellectual property, and maritime and uranium-processing information. The case matters for DPRK tracking because it connects health-sector ransomware proceeds to follow-on espionage infrastructure and global defense-related data theft.