US State Department Places $10 Million Bounty on North Korean Hacking Groups

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

The US State Department offered up to a $10 million bounty in exchange for information on North Korean hacking groups associated with cyber-espionage, ransomware, cryptocurrency theft, and other illegal activities.

The agency previously posted a $5 million bounty in March for any insight into the financial dealings of North Korean state-sponsored threat actors.

“Up to $10M for information on DPRK-linked malicious #cyber activity & #cyberthreat actors,” read a tweet on Tuesday from the official US State Department Rewards for Justice Program’s account. “Got a tip on the Lazarus Group, Kimsuky, Bluenoroff, Andariel, or others? Send it to RFJ via our TOR-based tip line.”

However, the announcement on the official Rewards for Justice website revealed that the bounty has an even wider range. This reward doesn’t only apply to North Korea-backed hacker groups but also to other cybercriminal entities that threaten “U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).”

Rewards for Justice provided a Dark Web Tor-based tip-reporting channel in order to protect informers. The announcement also stated that eligible sources may benefit from cryptocurrency payment rewards and relocation, if deemed necessary.

The Department of State’s announcement comes after the FBI seized crypto assets worth $500,000 from members of the North Korean Maui ransomware gang last week. Maui is likely run by members of the infamous Lazarus Group (also known as APT38 or Hidden Cobra), which mainly focuses on attacking blockchain companies and crypto assets.

“Rewards for Justice is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA),” the Rewards for Justice said.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.