{"id":22848,"date":"2022-07-21T05:26:30","date_gmt":"2022-07-21T09:26:30","guid":{"rendered":"http:\/\/worldjusticenews.com\/news\/?p=22848"},"modified":"2022-07-21T05:26:30","modified_gmt":"2022-07-21T09:26:30","slug":"us-seizes-stolen-funds-from-suspected-north-korean-hackers","status":"publish","type":"post","link":"https:\/\/worldjusticenews.com\/news\/2022\/07\/21\/us-seizes-stolen-funds-from-suspected-north-korean-hackers\/","title":{"rendered":"US seizes stolen funds from suspected North Korean hackers"},"content":{"rendered":"<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\"><b class=\"ssrcss-hmf8ql-BoldText e5tfeyi3\">The US Department of Justice has seized $500,000 (\u00a3417,000) worth of Bitcoin from suspected North Korean hackers.<\/b><\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The hackers attacked healthcare providers with a new strain of ransomware, extorting the funds from several organisations.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">US authorities\u00a0<a class=\"ssrcss-k17ofw-InlineLink e1no5rhv0\" href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-seizes-and-forfeits-approximately-500000-north-korean-ransomware-actors\" target=\"_blank\" rel=\"noopener\">say they have already returned<\/a>\u00a0ransom payments to two hospital groups.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p 
class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The rare successful seizure comes as US authorities warn that North Korea is becoming a major ransomware threat.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">In a conference on Tuesday, Deputy Attorney General Lisa O. Monaco praised an unnamed Kansas hospital for alerting the FBI early about the ransomware attack.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">&#8220;Not only did this allow us to recover their ransom payment as well as a ransom paid by previously unknown victims, but we were also able to identify a previously unidentified ransomware strain,&#8221; she said.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-dm4ypg-ComponentWrapper-HeadlineComponentWrapper e1xue1i89\" data-component=\"subheadline-block\">\n<h2 id=\"Hackers-targeted-hospital-\" class=\"ssrcss-y2fd7s-StyledHeading e1fj1fc10\" tabindex=\"-1\"><span role=\"text\">Hackers targeted hospital<\/span><\/h2>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">According to court documents, hackers used the ransomware strain called Maui to encrypt the files and servers of a medical centre in Kansas in May 2021.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Typically, ransomware hackers will use malicious software to scramble data or lock users out of the system until a ransom 
is paid.<\/p>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The Kansas hospital spent a week not being able to access its IT systems, then decided to pay approximately $100,000 in Bitcoin to regain the use of its computers and equipment.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">It is not illegal to pay hacker ransoms, but it is discouraged by law enforcement organisations around the world.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"unordered-list-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<div class=\"ssrcss-1o5f7ft-BulletListContainer e5tfeyi0\">\n<ul role=\"list\">\n<li><a class=\"ssrcss-k17ofw-InlineLink e1no5rhv0\" href=\"https:\/\/www.bbc.co.uk\/news\/business-59990477\" target=\"_blank\" rel=\"noopener\">N Korea hackers stole $400m crypto in 2021 &#8211; report<\/a><\/li>\n<li><a class=\"ssrcss-k17ofw-InlineLink e1no5rhv0\" href=\"https:\/\/www.bbc.co.uk\/news\/stories-57520169\" target=\"_blank\" rel=\"noopener\">The Lazarus heist: How hackers tried to steal $1bn<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The FBI says it was swiftly notified about the payment by the medical centre, which meant officers were able to identify the never-before-seen ransomware linked to North Korea and trace the cryptocurrency to China-based money launderers.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" 
data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Agents were also able to identify another $120,000 Bitcoin payment made to one of the criminal cryptocurrency accounts. This turned out to be a medical provider in Colorado which had just paid a ransom after also being hacked by the Maui ransomware criminals.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The FBI says it has returned the money to the two healthcare providers, but has not said from where the rest of the seized funds have come.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-dm4ypg-ComponentWrapper-HeadlineComponentWrapper e1xue1i89\" data-component=\"subheadline-block\">\n<h2 id=\"How-seizure-happened\" class=\"ssrcss-y2fd7s-StyledHeading e1fj1fc10\" tabindex=\"-1\"><span role=\"text\">How seizure happened<\/span><\/h2>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">It is not known how the FBI was able to seize the funds but Tom Robinson, founder and chief scientist of Elliptic, which analyses Bitcoin payments, told the BBC the seizure may have come about as the hackers tried to exchange their Bitcoin to traditional currency.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">&#8220;It&#8217;s likely that the investigators were able to trace the cryptocurrency to an exchange platform, where the launderers would have sent the funds in order to cash out. 
Exchanges are regulated businesses and can seize their customers&#8217; funds if compelled to do so by law enforcement,&#8221; he said.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-18mjolk-ComponentWrapper e1xue1i810\" data-component=\"image-block\">\n<figure class=\"ssrcss-wpgbih-StyledFigure e34k3c23\">\n<div class=\"ssrcss-ab5fd8-StyledFigureContainer e34k3c21\"><span class=\"ssrcss-1hq4gmv-Placeholder e16icw910\"><img loading=\"lazy\" decoding=\"async\" class=\"ssrcss-evoj7m-Image ee0ct7c0\" src=\"https:\/\/ichef.bbci.co.uk\/news\/976\/cpsprodpb\/15CA0\/production\/_121484298_europolpic.jpg\" srcset=\"https:\/\/ichef.bbci.co.uk\/news\/240\/cpsprodpb\/15CA0\/production\/_121484298_europolpic.jpg 240w, https:\/\/ichef.bbci.co.uk\/news\/320\/cpsprodpb\/15CA0\/production\/_121484298_europolpic.jpg 320w, https:\/\/ichef.bbci.co.uk\/news\/480\/cpsprodpb\/15CA0\/production\/_121484298_europolpic.jpg 480w, https:\/\/ichef.bbci.co.uk\/news\/624\/cpsprodpb\/15CA0\/production\/_121484298_europolpic.jpg 624w, https:\/\/ichef.bbci.co.uk\/news\/800\/cpsprodpb\/15CA0\/production\/_121484298_europolpic.jpg 800w, https:\/\/ichef.bbci.co.uk\/news\/976\/cpsprodpb\/15CA0\/production\/_121484298_europolpic.jpg 976w\" alt=\"Police conducting a raid\" width=\"976\" height=\"549\" \/><\/span><\/div><figcaption class=\"ssrcss-1mget3o-StyledFigureCaption e34k3c22\">\n<div class=\"ssrcss-y7krbn-Stack e1y4nx260\">Seizing stolen cryptocurrency usually involves arresting cyber-criminals to gain access to their digital wallets (Image: Europol)<\/div>\n<\/figcaption><\/figure>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">&#8220;Another possibility is that the cryptocurrency was seized directly from the launderers&#8217; own wallet. 
This is more challenging to do as it would require access to the wallet&#8217;s private key &#8211; a passcode that allows cryptocurrency in a wallet to be accessed and moved.&#8221;<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">US authorities are increasingly using new tactics to steal back extorted funds from cyber-criminals operating in jurisdictions like North Korea and Russia, where law enforcement agencies do not co-operate with Western requests for assistance.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">&#8220;These seizures are still very rare, and it highlights the value of speedy reporting of cyber-extortion incidents, and working with law enforcement,&#8221; says Jen Ellis, from cyber-security firm Rapid7.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">&#8220;They won&#8217;t be able to recoup the payment in every case, but the more information they have on attacker groups&#8217; tactics, techniques, and procedures, the more likely they are to be able to disrupt, deter, and respond to attacks, which benefits everyone.&#8221;<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">Last June, the US\u00a0<a class=\"ssrcss-k17ofw-InlineLink e1no5rhv0\" href=\"https:\/\/www.bbc.co.uk\/news\/business-57394041\" target=\"_blank\" rel=\"noopener\">recovered most of 
the $4.4m ransom<\/a>\u00a0paid by Colonial Pipeline to a cyber-criminal gang thought to be based in Russia.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">In November 2021, the US also\u00a0<a class=\"ssrcss-k17ofw-InlineLink e1no5rhv0\" href=\"https:\/\/www.bbc.co.uk\/news\/technology-59215167\" target=\"_blank\" rel=\"noopener\">clawed back $6m from another ransomware gang<\/a>\u00a0called REvil with heavy links to Russia.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-dm4ypg-ComponentWrapper-HeadlineComponentWrapper e1xue1i89\" data-component=\"subheadline-block\">\n<h2 id=\"North-Korean-ransomware\" class=\"ssrcss-y2fd7s-StyledHeading e1fj1fc10\" tabindex=\"-1\"><span role=\"text\">North Korean ransomware<\/span><\/h2>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">As well as traditional state espionage elements, North Korea has for many years been accused of directing hacks aimed at making money for the pariah state.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">North Korean hacking activity is often attributed to the so-called Lazarus Group of hackers, which has been accused of attempting to take $1bn from a Bangladesh bank in 2016.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">In the last year, the group has been linked to lucrative attacks on cryptocurrency platforms, but 
last month the US cyber-authorities\u00a0<a class=\"ssrcss-k17ofw-InlineLink e1no5rhv0\" href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/aa22-187a\" target=\"_blank\" rel=\"noopener\">issued a warning<\/a>\u00a0about North Korean hackers launching ransomware attacks against US hospitals.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-uf6wea-RichTextComponentWrapper e1xue1i86\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph eq5iqo00\">The authorities did not provide evidence that North Korea was behind the attacks, but the joint Cybersecurity Advisory assessment of the Maui ransomware stated that it had been &#8220;used by North Korean state-sponsored cyber-actors since at least May 2021 to target healthcare organisations.&#8221;<\/p>\n<p>Source: <a href=\"https:\/\/www.bbc.co.uk\/news\/technology-62239638\" target=\"_blank\" rel=\"noopener\">bbc.co.uk<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\">The US Department of Justice has seized $500,000 (\u00a3417,000) worth of Bitcoin from suspected North Korean hackers. The hackers attacked healthcare providers with a new strain of ransomware, extorting the funds from several organisations. 
US <a class=\"mh-excerpt-more\" href=\"https:\/\/worldjusticenews.com\/news\/2022\/07\/21\/us-seizes-stolen-funds-from-suspected-north-korean-hackers\/\" title=\"US seizes stolen funds from suspected North Korean hackers\">[&#8230;]<\/a><\/div>\n","protected":false},"author":1,"featured_media":22849,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[109,2,3],"tags":[4686,6668,1172,2936,8469,1786,6270],"class_list":{"0":"post-22848","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-headline","8":"category-news","9":"category-usa","10":"tag-cryptocurrency","11":"tag-cyber-criminals","12":"tag-fbi","13":"tag-hacking","14":"tag-lazarus-group","15":"tag-north-korea","16":"tag-ransomware","17":"pmpro-has-access"},"_links":{"self":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/22848","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/comments?post=22848"}],"version-history":[{"count":2,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/22848\/revisions"}],"predecessor-version":[{"id":22851,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/22848\/revisions\/22851"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media\/22849"}],"wp:attachment":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media?parent=22848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/categ
ories?post=22848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/tags?post=22848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}