Federal agencies issued an alert warning of state-sponsored North Korean actors using the Maui ransomware to target the health sector.

Pictured: A flag of North Korea waves in the wind on a post at the North Korean Embassy on March 27, 2019, in Madrid. (Photo by Pablo Blazquez Dominguez/Getty Images)

Cyber actors sponsored by the North Korean government are using the Maui ransomware to target the health sector in the United States, federal agencies warned Wednesday in a joint alert.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury released the alert detailing the tactics, techniques and procedures (TTPs) and indicators of compromise (IoCs) associated with the Maui ransomware. According to the FBI, the North Korean threat actors have used the ransomware against multiple healthcare organizations since May 2021 to encrypt servers responsible for services including electronic health records, diagnostics, imaging and intranet services.
The agencies discourage paying ransoms, since payment does not guarantee that files will be recovered and may pose a sanctions risk, according to the alert.

See joint alert AA22-187A for details of the TTPs, IoCs and suggested mitigations.
Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.