North Korean operative indicted in cyberattack against Robins Air Force Base. What we know

A federal grand jury has indicted a North Korean military intelligence operative Wednesday for his alleged involvement in cyberattacks against American military bases and health care providers, including Robins Air Force Base in Warner Robins.

Rim Jong Hyok, the North Korean operative indicted, is allegd to be part of a group of North Korean intelligence operatives known as Andariel, Onyx Sleet and Silent Chollima. The U.S. Department of State said Thursday they are offering a reward of up to $10 million for anyone who provides information to help locate Hyok.

Hackers, including Hyok, accessed computers at Robins Air Force Base for about 10 days in April 2022 through a system vulnerability, officials said. They lost access once the vulnerability was fixed. However, in that time they managed to extract more than a gigabyte of unclassified data, including employee information and passwords, according to court documents.

The attack against the base was part of a larger mission to hack health care providers, extort money, and then launder and use the money to fund intrusions into American military bases, defense companies and government agencies. Once operatives accessed those computers, they saved sensitive data in private servers to be given to North Korea’s intelligence agency, the Reconnaissance General Bureau.

Hyok is accused of targeting 17 entities in 11 states. In addition to accessing computers at Robins Air Force Base, the group accessed data at Randolph Air Force Base near San Antonio. Defense companies in Michigan, California, Oregon and Massachusetts were also targeted.

The last attack mentioned in the indictment occurred in March 2023 against an unnamed South Korean manufacturing company.

Online court records do not list an attorney for Hyok. Court documents are requesting that his trial be held in Kansas City, where the indictment was issued.