The U.S. Department of State's Rewards for Justice (RFJ) program, administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act.
Rim Jong Hyok is a national of the Democratic People's Republic of Korea (DPRK) who is associated with a malicious cyber group known as Andariel. The Andariel group is controlled by the DPRK's military intelligence agency, the Reconnaissance General Bureau, which has primary responsibility for the DPRK's malicious cyber activities and is also involved in the DPRK's illicit arms trade.
Andariel's targets include foreign businesses, government entities, and the defense industry.
Rim and others conspired to hack into the computer systems of U.S. hospitals and other healthcare providers, install Maui ransomware, and extort ransoms. The ransomware attacks encrypted victims' computers and servers used for medical testing or electronic medical records and disrupted healthcare services. These malicious cyber actors then used the ransom payments to fund malicious cyber operations targeting U.S. government entities and U.S. and foreign defense contractors, among others. In one computer intrusion operation that began in November 2022, the malicious cyber actors hacked a U.S.-based defense contractor from which they extracted more than 30 gigabytes of data, including unclassified technical information regarding material used in military aircraft and satellites, much of which was from 2010 or earlier.
U.S. law enforcement investigators have documented that Andariel actors victimized five healthcare providers, four U.S.-based defense contractors, two U.S. Air Force bases, and the National Aeronautics and Space Administration's Office of Inspector General.
This action underscores the United States' continued efforts to address the DPRK's malicious cyber activity against critical infrastructure as well as prevent and disrupt the DPRK's ability to generate illicit revenue through malicious cyber activity, which it uses to fund its unlawful WMD and ballistic missile programs.
We encourage anyone with information on the malicious cyber activity of Rim Jong Hyok, Andariel, and associated individuals, entities, and activities to contact Rewards for Justice via the Tor-based tips-reporting channel at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion (Tor browser required).