{"id":64628,"date":"2022-07-20T11:06:02","date_gmt":"2022-07-20T08:06:02","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=64628"},"modified":"2025-09-06T15:28:36","modified_gmt":"2025-09-06T12:28:36","slug":"u-s-authorities-seize-500000-from-north-korea-linked-ransomware-operators","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/u-s-authorities-seize-500000-from-north-korea-linked-ransomware-operators\/","title":{"rendered":"U.S. authorities seize $500,000 from North Korea-linked ransomware operators"},"content":{"rendered":"<p>The U.S. Department of Justice said it had confiscated about $500,000 paid to North Korea-linked ransomware operators.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Justice Department Seizes and Forfeits Approximately $500,000 from North Korean Ransomware Actors and their Conspirators<\/p>\n<p>Two Ransom Payments Made by U.S. Health Care Providers Recovered by Law Enforcement Will Be Returned to Victims<a href=\"https:\/\/t.co\/AI1HDmFJF7\">https:\/\/t.co\/AI1HDmFJF7<\/a><\/p>\n<p>\u2014 Justice Department (@TheJusticeDept) <a href=\"https:\/\/twitter.com\/TheJusticeDept\/status\/1549490937289662465?ref_src=twsrc%5Etfw\">July 19, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The FBI, in cooperation with the DOJ, disrupted the operations of a North Korea-linked hacker group behind the Maui ransomware distribution.<\/p>\n<p>In May 2021, North Korean hackers attacked the servers of a medical center in a Kansas county using Maui. To decrypt the data, the center paid the attackers about $100,000 in Bitcoin.<\/p>\n<p>Maui had previously attracted little scrutiny, but the FBI pursued the investigation and traced the ransom cryptocurrency thanks to the medical center&#8217;s report.<\/p>\n<p>In April 2022, the FBI identified another $120,000 transfer in Bitcoin to hacker-linked cryptocurrency addresses. It turned out that it had been carried out by a Colorado healthcare provider attacked by Maui.<\/p>\n<p>As a result, law enforcement identified intermediaries of Chinese hackers who helped launder the proceeds, and seized $500,000.<\/p>\n<p>Some of them consist of Bitcoin payments from Maui victims at Kansas and Colorado medical facilities. Authorities said the funds would be returned to the victims.<\/p>\n<p>Chainalysis estimated that in 2021 North Korean hackers carried out at least seven cyberattacks on cryptocurrency platforms, during which <a href=\"https:\/\/forklog.com\/en\/news\/chainalys%d1%96s-in-2021-north-korean-hackers-stole-400-million-in-cryptocurrencies\">stole digital assets worth about $400 million<\/a>.<\/p>\n<p>According to Elliptic data, Lazarus, the North Korea-linked hackers, could have been behind the Horizon cross-chain bridge attack, resulting in <a href=\"https:\/\/forklog.com\/en\/news\/hacker-steals-about-100-million-in-harmonys-horizon-cross-chain-bridge-attack\">stolen about $100 million<\/a>.<\/p>\n<p>According to Reuters, North Korea <a href=\"https:\/\/forklog.com\/en\/news\/reuters-reports-north-korea-losses-from-crypto-market-downturn\">lost millions of dollars stolen by hackers<\/a> amid the decline in crypto markets.<\/p>\n<p>Follow ForkLog&#8217;s Bitcoin news on our <a href=\"\/\/telegram.me\/forklog\" target=\"\u201c_blank\u201d\" rel=\"\u201cnofollow\u201d noopener\">Telegram<\/a> \u2014 cryptocurrency news, prices and analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The U.S. Department of Justice said it confiscated about $500,000 paid to North Korea-linked ransomware operators.<\/p>\n","protected":false},"author":1,"featured_media":64629,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1153,1154,26],"class_list":["post-64628","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-confiscation","tag-crimes","tag-usa"],"aioseo_notices":[],"amp_enabled":true,"views":"14","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/64628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=64628"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/64628\/revisions"}],"predecessor-version":[{"id":64630,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/64628\/revisions\/64630"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/64629"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=64628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=64628"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=64628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}