This CSA provides an overview of Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware and updates the July 6, 2022, joint CSA “North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector.” This advisory highlights TTPs and IOCs DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.
ADVERSARY: DPRK
INDUSTRIES: Critical Infrastructure, Healthcare, Public Health
TARGETED COUNTRIES: Korea, Republic of; United States of America
MALWARE FAMILIES: H0lyGh0st, Ryuk, DPRK, Maui
ATT&CK IDS: T1583 - Acquire Infrastructure, T1583.003 - Virtual Private Server, TA0001 - Initial Access, T1195 - Supply Chain Compromise, TA0007 - Discovery, TA0008 - Lateral Movement, TA0040 - Impact