07.17.22
Corvus Threat Intel

July 17, 2022: North Korea Using Ransomware Groups to Target Small Businesses, Healthcare

In separate reports, CISA and the Microsoft Threat Intelligence Center linked the Maui and H0lyGh0st ransomware gangs to North Korean nation-state actors. The two groups are targeting small businesses and the healthcare sector, respectively. Taking these campaigns together with the large cryptocurrency heists carried out by North Korean hackers such as the Lazarus Group, experts believe that these financially motivated cybercrimes are being carried out to support the country’s struggling economy.

Why This Matters

North Korea’s foray into digital extortion shows no signs of slowing. The situation brings added complications for victims, given the comprehensive sanctions imposed on the country by the U.S. Treasury Department. Since sanctions concerns may prohibit purchasing a decryptor from the cybercriminals, victims without viable backups may be severely impacted.
