The United States and South Korea have issued a joint advisory on ransomware attacks on critical infrastructure that are funding North Korea’s malicious cyber activities.
North Korean government-backed threat actors have been using ransomware in attacks against critical infrastructure for years, with at least two ransomware families attributed to them, namely Maui and H0lyGh0st.
In July last year, the US government issued a warning on North Korea’s use of Maui ransomware in attacks targeting healthcare and public health sectors.
This week, the US and South Korea issued an updated advisory, warning that North Korea is relying on ransomware attacks against healthcare and other critical infrastructure organizations to fund various objectives, including malicious cyber operations.
Typically, after compromising an organization’s network, the threat actors deploy ransomware and use it to encrypt the victim’s files. The attackers then demand a ransom to be paid in cryptocurrency in exchange for a decryption key.
“The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments,” the alert reads.
As part of the observed ransomware operations, the North Korean threat actors build infrastructure (domains, online personas and accounts) and rely on cryptocurrency services to receive ransom proceeds that are then used to procure infrastructure for other malicious activities.
The attackers attempt to hide their identity by operating with or under third-party foreign affiliate identities, use intermediaries to receive ransom payments, and use virtual private netw ..
Support the originator by clicking the read the rest link below.
