US State Department Places $10 Million Bounty on North Korean Hacking Groups

Colin Thierry Colin Thierry
Published on: July 29, 2022
US State Department Places $10 Million Bounty on North Korean Hacking Groups

The US State Department offered up to a $10 million bounty in exchange for information on North Korean hacking groups associated with cyber-espionage, ransomware, cryptocurrency theft, and other illegal activities.

The agency previously posted a $5 million bounty in March for any insight into the financial dealings of North Korean state-sponsored threat actors.

“Up to $10M for information on DPRK-linked malicious #cyber activity & #cyberthreat actors,” read a tweet on Tuesday from the official US State Department Rewards for Justice Program’s account. “Got a tip on the Lazarus Group, Kimsuky, Bluenoroff, Andariel, or others? Send it to RFJ via our TOR-based tip line.”

However, the announcement on the official Rewards for Justice website revealed that the bounty has an even wider range. This reward doesn’t only apply to North Korea-backed hacker groups but also to other cybercriminal entities that threaten “U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”

Rewards for Justice provided a Dark Web Tor-based tip-reporting channel in order to protect informers. The announcement also stated that eligible sources may benefit from cryptocurrency payment rewards and relocation, if deemed necessary.

The Department of State’s announcement comes after the FBI seized crypto assets worth $500,000 from members of the North Korean Maui ransomware gang last week. Maui is likely run by members of the infamous Lazarus Group (also known as APT38 or Hidden Cobra), which mainly focuses on attacking blockchain companies and crypto assets.

“Rewards for Justice is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA),” the Rewards for Justice said.

About the Author

Colin Thierry
Colin Thierry
Cybersecurity researcher and journalist
Published on: July 29, 2022

About the Author

Colin Thierry is a cybersecurity researcher and journalist who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.