DOJ recovers $500K digital asset and fiat from hackers linked to North Korea

The U.S. Department of Justice (DOJ) has seized and forfeited over $500,000 in digital assets and fiat connected to ransomware payments made to hackers with alleged links to the North Korean government.

In a press release, the DOJ stated that roughly $100,000 of the funds came from a BTC ransomware payment that a medical center in the District of Kansas made to the hackers in May 2021. Another $120,000 worth of BTC was paid by a Colorado medical center to the same hackers in April 2022.

The funds were traced by the FBI thanks to timely reporting filed by the Kansas medical center on the ransomware payment it made to restore access to its servers. The FBI investigation identified the malware used in hijacking the servers as a strain called “Maui.”

When similar malware hijacked the Colorado medical center and the FBI confirmed another payment, it was able to issue a seizure warrant for the two linked wallets, as well as other funds related to the hackers, which had been traced to a money-laundering group in China.

The funds will now be returned to the victims, the release added. U.S. Attorney for the District of Kansas Duston Slinkard said: “These sophisticated criminals are constantly pushing boundaries to search for ways to extort money from victims by forcing them to pay ransoms in order to regain control of their computer and record systems. What these hackers don’t count on is the tenacity of the U.S. Justice Department in recovering and returning these funds to the rightful owners.”

This is not the first time the FBI and DOJ have recovered ransomware payments. U.S. Deputy Attorney General Lisa Monaco noted that the same methods had been used to recover the more than $2 million digital currency ransomware payment made by the Colonial Pipeline system in 2021.

North Korea’s notoriety in cybercrime increasing 

Meanwhile, the U.S. has been raising more concerns over the rising spate of cyber attacks originating from North Korea. In a joint notice in May, the Justice Department warned the public to be on alert, as North Korean hackers were now getting jobs in the IT departments of U.S. companies with the intent of infiltrating them.

The U.S. Treasury Department has also linked the March 2022 hack of Axie Infinity’s Ronin Bridge to a North Korean hacker group. A U.N. report disclosed that North Korea was using proceeds from its state-sponsored hacking and money-laundering operations to fund its sanctioned nuclear program.

Similarly gaining notoriety are Russian ransomware groups that have been linked to multiple incidents. The U.S. State Department has a bounty out for information on one group called “Conti” that has been operating for the past two years.
