07.17.22

Corvus Threat Intel

North Korea Using Ransomware Groups to Target Small Businesses, Healthcare

In separate reports, CISA and the Microsoft Threat Intelligence Center linked the Maui and H0lyGh0st ransomware gangs to North Korean nation-state actors. 

The two groups are targeting small businesses and the healthcare sector, respectively. In combination with the large cryptocurrency heists carried out by North Korean hackers such as Lazarus Group, experts believe that these financially motivated cybercrimes are being carried out to support the country’s struggling economy.

Why This Matters

North Korea’s foray into digital extortion shows no signs of slowing. The situation brings added complications for victims given the comprehensive sanctions imposed on the country by the U.S. Treasury Department. Since sanctions concerns may prohibit purchasing a decryptor from the cybercriminals, victims without viable backups may be severely impacted.

This blog post and its contents are intended for general guidance and informational purposes only. This blog post is under no circumstances intended to be used or considered as specific insurance or information security advice.

 
