N.Korean Hackers Target US Health Providers With Ransomware

North Korea-sponsored hackers have been targeting the healthcare and public health sector in the US for more than a year, according to a July 6 alert from the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the Department of the Treasury.

The Cybersecurity and Infrastructure Security Agency (CISA) recently released a new advisory that suggests nation-state threat actors are leveraging the Maui ransomware to target organisations in the healthcare sector.

According to the document, the threat actors have been engaging in these campaigns since at least May 2021.
“North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services – including electronic health records services, diagnostics services, imaging services and intranet services,” says the release. “The FBI, CISA, and Treasury highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks... In some cases, these incidents disrupted the services provided by the targeted HPH Sector organisations for prolonged periods.”

The US agencies attribute the activity to a hacking group sponsored by the North Korean government.

The CISA document explains that intelligence obtained by CISA, the FBI and the Department of the Treasury indicates that the threat actors have been conducting the campaigns since May of 2021. CISA says that the ransomware was designed for manual execution by a remote actor, in this case located in North Korea. It uses a combination of Advanced Encryption Standard (AES), RSA and XOR encryption to encrypt files and damage the target’s network. The privileges of the account the actor has obtained dictate how much damage the hacker will be able to inflict.

The US security agencies recommend that companies in the healthcare industry take a strict zero-trust approach.

The FBI is seeking any information that can be shared, including boundary logs showing communication to and from foreign IP addresses, bitcoin wallet information, the decryptor file, or benign samples of encrypted files.
“As stated above, the FBI discourages paying ransoms. Payment does not guarantee files will be recovered and may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”

Regardless of whether victim organisations have decided to pay the ransom, the FBI, CISA, and Treasury urge them to promptly report ransomware incidents to the FBI.

The US government’s latest warning follows a sequence of high-profile cyber attacks targeting healthcare organisations. University Medical Center Southern Nevada was hit by ransomware in August 2021 in an attack that compromised files containing protected health information, and Boston Children's Hospital suffered a breach of its systems in June.
