N.Korean Hackers Target US Health Providers With Ransomware

Uploaded on 2022-07-13 in INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Hackers

North Korea-sponsored hackers have been targeting the healthcare and public health sector in the US for more than a year, according to a July 6 alert from the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the Department of the Treasury.

The Cybersecurity and Infrastructure Security Agency (CISA) recently released a new advisory that suggests nation-state threat actors are leveraging the Maui ransomware to target organisations in the healthcare sector.

According to the document the threat actors have been engaging in these campaigns since at least May 2021.
“North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services – including electronic health records services, diagnostics services, imaging services and intranet services,” says the release. “The FBI, CISA, and Treasury highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks... In some cases, these incidents disrupted the services provided by the targeted HPH Sector organisations for prolonged periods.” 

In particular, the US government agency believes that the nation-state hacking group is sponsored by the North Korean government.

The CISA document explains that intelligence obtained by the CISA, the FBI, and the Department of the Treasury, indicates that the threat actors have been conducting the campaigns since May or 2021. CISA says that the ransomware was designed for manual execution by a remote actor, in this case located in North Korea. In addition, it deploys a combination of Advanced Encryption Standard, RSA, and XOR encryption to encrypt the files and damage the target’s network. The authentication allocated to any given user dictates how much damage the hacker will be able to inflict. 

The US security agencies recommend that companies in the healthcare industry take a strict zero-trust approach.

The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, bitcoin wallet information, the decryptor file, or benign samples of encrypted files. 
“As stated above, the FBI discourages paying ransoms. Payment does not guarantee files will be recovered and may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. 

Regardless of whether victim organisations have decided to pay the ransom, the FBI, CISA, and Treasury urge them to promptly report ransomware incidents to the FBI.

The US government’s latest warning follows a sequence of high-profile cyber attacks targeting healthcare organisations. University Medical Center Southern Nevada was hacked by ransomware in August 2021 that compromised files containing protected health information and Boston Children's hospital suffered a breach to its systems in June.  

CISA:    Korea Herald:    PCMag:   Healthcare IT NewsTechcrunch:   Oodaloop:   

Infosecurity Magazine:    Metro:     

You Might Also Read: 
 

« Exposed: Sensitive Data Of 146,000 Aon Customers
Creating A Security Awareness Training Program »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Grid32

Grid32

Grid32 provides independent computer system and physical security audit services to government and corporate clients of all sizes.

QTS

QTS

QTS Realty Trust, Inc. is a leading provider of secure, compliant data center, hybrid cloud and managed services.

Chubb

Chubb

Chubb is the world’s largest publicly traded property and casualty insurer. Commercial services include Cyber Risk insurance.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

QI ANXIN Technology Group

QI ANXIN Technology Group

QI ANXIN specializes in serving the cybersecurity market by offering next generation enterprise-class cybersecurity products and services to government and businesses.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

Udacity

Udacity

Udacity's mission is to train the world’s workforce in the careers of the future. Our programs range from beginner to expert levels and deliver the hands-on skills for real-world expertise.

Dope Security

Dope Security

Dope Security is a fly-direct Secure Web Gateway that eliminates the data center stopover architecture required by legacy providers, instead performing security directly on the endpoint.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

Strata Information Group (SIG)

Strata Information Group (SIG)

Strata Information Group (SIG) is a trusted partner in IT solutions and consulting services.

Aegis Cyber Defense Systems

Aegis Cyber Defense Systems

AEGIS is a powerful cybersecurity tool that can help protect your devices and networks from cyber threats, and increase performance.

Zluri

Zluri

Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management and Identity Governance.

Cysmo Cyber Risk

Cysmo Cyber Risk

Cysmo is an innovative cyber risk assessment platform specifically designed for the needs of the German insurance industry.

Cloudbox

Cloudbox

Cloudbox build and maintain a highly secure, compliant IT infrastructure for our clients – with total peace of mind – so they can focus on the market.