North Korean Hackers and the FBI’s $10 Million Bounty: Global Bitcoin Extortion Tied to Kim Jong-un

On July 26, the FBI announced a $10 million reward for information leading to the arrest of a North Korean military intelligence agent. The hacker, identified as Rim Jong Hyok (transliterated), is accused of launching cyberattacks against several U.S. healthcare institutions, NASA, and military bases. These attacks involved stealing sensitive information and extorting ransoms.

Laundering Money Through Chinese Banks

According to the FBI's indictment, Rim Jong Hyok is affiliated with Andariel, a group under North Korea's Reconnaissance General Bureau (RGB). He is wanted for hacking, money laundering, and violating the Computer Fraud and Abuse Act (CFAA). Rim allegedly laundered money through Chinese banks to purchase computer servers, which were then used to conduct cyberattacks on global defense, technology companies, and government agencies.

One notable attack occurred in May 2021 when Rim targeted a hospital in Kansas, USA. He installed ransomware on medical electronic equipment, leading the hospital to pay nearly $100,000 in Bitcoin as ransom. Subsequently, Rim withdrew the stolen funds at an ATM in Dandong City, Liaoning Province, China, near the China-North Korea Friendship Bridge.

Global Impact of Cyberattacks

The hacker group Andariel has targeted multiple defense, aerospace, and energy agencies worldwide. Their goal is to acquire confidential technology to support North Korea's military and nuclear programs. Key targets include defense and energy companies in the United States, the United Kingdom, South Korea, Taiwan, and China. These attacks have sought to obtain technology related to enriched uranium refining, tanks, submarines, and torpedoes.

Funding North Korea’s Regime

Reports from the United Nations and private companies reveal that North Korean hackers have stolen billions of dollars from banks and cryptocurrency firms in recent years. This revenue has become a significant financial resource for the North Korean regime. White House officials noted last month that approximately half of North Korea’s missile program is financed through cyberattacks and cryptocurrency theft.

Challenges in Capturing Rim Jong Hyok

Despite the substantial reward, capturing Rim Jong Hyok remains challenging. Court records indicate that he resides in North Korea and has worked for military intelligence in Pyongyang and Sinuiju. This situation complicates the FBI's efforts to apprehend him.