Rim Jong Hyok and his co-conspirators deployed ransomware to extort U.S. hospitals and health care companies, then laundered the proceeds to help fund North Korea's illicit activities.
Targets of the campaign include two U.S. Air Force bases, NASA-OIG, as well as South Korean and Taiwanese defense contractors and a Chinese energy company.
The ransom payments were laundered through Hong Kong-based facilitators, converting the illicit proceeds into Chinese yuan, following which they were withdrawn from an ATM and used to procure virtual private servers (VPSes) that, in turn, were employed to exfiltrate sensitive defense and technology information.
[
Collection
]
[
|
...
]