Stormsec

#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities

This CSA provides an overview of Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware and updates the July 6, 2022, joint CSA "North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector." This advisory highlights the TTPs and IOCs that DPRK cyber actors used to gain access to and conduct ransomware attacks against Healthcare and Public Health (HPH) Sector organizations and other critical infrastructure sector entities, as well as DPRK cyber actors’ use of cryptocurrency to demand ransoms.




ADVERSARY: DPRK




MALWARE FAMILIES: H0lyGh0st, Ryuk, DPRK, Maui


ATT&CK IDS: T1583 - Acquire Infrastructure, T1583.003 - Virtual Private Server, TA0001 - Initial Access, T1195 - Supply Chain Compromise, TA0007 - Discovery, TA0008 - Lateral Movement, TA0040 - Impact

