The US Department of State has announced a $10 million reward for information leading to the identification or location of Rim Jong Hyok, a prominent North Korean hacker associated with the state-sponsored group APT45. This group, also known as Andariel, Silent Chollima, Onyx Sleet, or DarkSeoul, is controlled by the DPRK’s military intelligence agency, the Reconnaissance General Bureau.
Malicious Activities
APT45 has been involved in compromising systems in US hospitals, installing Maui ransomware, and extorting ransoms. These attacks have disrupted healthcare services and funded further malicious cyber operations targeting US government entities and defense contractors.
Warnings and Advisory
The bounty announcement coincides with a warning from the UK’s National Cyber Security Centre (NCSC), highlighting APT45’s global cyber espionage campaign aimed at furthering the DPRK’s military and nuclear ambitions. The NCSC’s advisory provides technical details on the group’s tactics and mitigation advice for defending against its advances.
Group’s Evolution
According to a Mandiant report, APT45 has been conducting espionage-based cyber attacks since 2009. The group has transitioned to more financially motivated operations, reflecting the DPRK’s changing priorities. APT45’s activities now focus on government agencies, the defense industry, nuclear issues, and energy sectors. The group’s interest in ransomware and targeting critical infrastructure, such as nuclear research facilities and power plants, sets it apart from other North Korean hacker gangs.
Recent Activities
In recent years, APT45 has targeted various sectors, including South Korean financial organizations and a South Asian bank. The group’s focus has shifted towards healthcare and pharmaceutical companies, especially during the COVID-19 pandemic.
Significance
The US Department of State’s reward and the NCSC’s advisory underscore the importance of protecting critical infrastructure from state-backed cyber threats. As North Korea relies more on cyber operations, tracking groups like APT45 helps reveal the country’s shifting priorities.