Corvus Threat Intel
July 17, 2022: North Korea Using Ransomware Groups to Target Small Businesses, Healthcare
In separate reports, CISA and the Microsoft Threat Intelligence Center linked the Maui and H0lyGh0st ransomware gangs to North Korean nation-state actors. The two groups are targeting small businesses and the healthcare sector, respectively. In combination with the large cryptocurrency heists carried out by North Korean hackers such as Lazarus group, experts believe that these financially motivated cybercrimes are being propagated to support the country’s struggling economy.
Why This Matters
North Korea’s foray into digital extortion has no signs of slowing. The situation brings added complications for victims given the country’s comprehensive sanctions by the U.S Treasury Department. Since sanctions concerns may prohibit purchasing a decryptor from the cybercriminals, victims without viable backups may be severely impacted.
From apps to MSPs, threat actors continue to find ways to gain entry into victims’ networks.
Updates from Microsoft, new research on attack vectors, and good news from the Department of Justice.