Ransomware, Threat Management

Federal agencies warn of North Korean threat actors targeting US health sector

Share
Federal agencies issued an alert warning of state-sponsored North Korean actors using the Maui ransomware to target the health sector. Pictured: A flag of North Korea waves in the wind on a post at the North Korean Embassy on March 27, 2019, in Madrid. (Photo by Pablo Blazquez Dominguez/Getty Images)
Federal agencies issued an alert warning of state-sponsored North Korean actors using the Maui ransomware to target the health sector. Pictured: A flag of North Korea waves in the wind on a post at the North Korean Embassy on March 27, 2019, in Madrid. (Photo by Pablo Blazquez Dominguez/Getty Images)

Cyber actors sponsored by the North Korean government are using the Maui ransomware to target the health sector in the United States, federal agencies warned Wednesday in a joint alert.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury released the alert detailing the tactics, techniques and procedures (TTPs) that indicate a compromise (IoCs) by the Maui ransomware. 

The North Korean threat actors have targeted multiple healthcare organizations since May 2021 with the ransomware to encrypt servers responsible for services, including electronic health records services, diagnostic services, imaging services and intranet services, according to the FBI. 

The agencies discourage paying ransoms since it does not guarantee files will be recovered and may pose a sanctions risk, according to the alert.

View joint alert AA22-187A for details of TTPs, IoCs and mitigation suggestions.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Related

Novel ShrinkLocker ransomware decryptor unveiled

Attacks with ShrinkLocker, which leverages Microsoft BitLocker for accelerated drive encryption and a random password for re-encryption in Windows 7 and 8 or Windows Server 2008 and 2012 systems, have been deployed against organizations in Mexico, Jordan, and Indonesia, with the payload gaining traction among less sophisticated threat operations due to its simplicity.

Chinese malware attack hits Tibetan websites

TAG-112 may be a subgroup of Chinese advanced persistent threat group Evasive Panda, also known as TAG-102 and StormBamboo, due to significant similarities in attack tactics, techniques, and procedures, an analysis from Recorded Future's Insikt Group revealed.

Related Events

Related Terms

BackdoorBotnetCorruptionDNS SpoofingDeauthentication AttackDictionary AttackDistributed ScansDomain HijackingDrive-by DownloadDumpSec

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.