Maui ransomware attributed to Andariel hacking operation
Kaspersky researchers have named the North Korean state-sponsored hacking group Andariel, also known as Stonefly, as the actor behind the Maui ransomware attacks launched primarily against U.S. healthcare organizations beginning in April 2021, BleepingComputer reports.
Kaspersky researchers have established the correlation based on an earlier Maui attack aimed at a Japanese housing firm, as well as other attacks reported in Russia, India, and Vietnam.
Attackers who compromised the Japanese firm were discovered to have deployed the DTrack malware prior to file encryption, while the 3Proxy tool was found on the company's network months before the attack. The Indian, Vietnamese, and Russian firms were also impacted by the same DTrack variant, which had an 84% code similarity to samples associated with previous Andariel attacks, according to the report.
Andariel attack techniques, including WebLogic vulnerability exploitation, were also observed in the attacks.
Financial service providers, as well as government, state, and army entities have been attacked by Andariel since 2015, with the operation among the hacking groups included in the U.S. State Department's bounty program.