N.Korean Hackers Target US Health Providers With Ransomware

Uploaded on 2022-07-13 in INTELLIGENCE-Hot Spots-North Korea, FREE TO VIEW, BUSINESS-Services-Health & Welfare, TECHNOLOGY--Hackers

North Korea-sponsored hackers have been targeting the healthcare and public health sector in the US for more than a year, according to a July 6 alert from the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the Department of the Treasury.

The Cybersecurity and Infrastructure Security Agency (CISA) recently released a new advisory that suggests nation-state threat actors are leveraging the Maui ransomware to target organisations in the healthcare sector.

According to the document the threat actors have been engaging in these campaigns since at least May 2021.
“North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services – including electronic health records services, diagnostics services, imaging services and intranet services,” says the release. “The FBI, CISA, and Treasury highly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks... In some cases, these incidents disrupted the services provided by the targeted HPH Sector organisations for prolonged periods.” 

In particular, the US government agency believes that the nation-state hacking group is sponsored by the North Korean government.

The CISA document explains that intelligence obtained by the CISA, the FBI, and the Department of the Treasury, indicates that the threat actors have been conducting the campaigns since May or 2021. CISA says that the ransomware was designed for manual execution by a remote actor, in this case located in North Korea. In addition, it deploys a combination of Advanced Encryption Standard, RSA, and XOR encryption to encrypt the files and damage the target’s network. The authentication allocated to any given user dictates how much damage the hacker will be able to inflict. 

The US security agencies recommend that companies in the healthcare industry take a strict zero-trust approach.

The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, bitcoin wallet information, the decryptor file, or benign samples of encrypted files. 
“As stated above, the FBI discourages paying ransoms. Payment does not guarantee files will be recovered and may embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. 

Regardless of whether victim organisations have decided to pay the ransom, the FBI, CISA, and Treasury urge them to promptly report ransomware incidents to the FBI.

The US government’s latest warning follows a sequence of high-profile cyber attacks targeting healthcare organisations. University Medical Center Southern Nevada was hacked by ransomware in August 2021 that compromised files containing protected health information and Boston Children's hospital suffered a breach to its systems in June.  

CISA:    Korea Herald:    PCMag:   Healthcare IT NewsTechcrunch:   Oodaloop:   

Infosecurity Magazine:    Metro:     

You Might Also Read: 
 

« Exposed: Sensitive Data Of 146,000 Aon Customers
Creating A Security Awareness Training Program »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

SANS Institute

SANS Institute

SANS is the most trusted and by far the largest source for information security training and security certification in the world.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

BeOne Development

BeOne Development

BeOne Development provide innovative training and learning solutions for information security and compliance.

Asseco Group

Asseco Group

Asseco Poland stands at the forefront of the multinational Asseco Group. We are a leading provider of state-of-the-art IT solutions in Central and Eastern Europe.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

Blue Cedar

Blue Cedar

Blue Cedar's mobile app security integration platform secures and accelerates mobile app deployment for enterprises and government organizations around the world.

Patriot Cyber Defense

Patriot Cyber Defense

Patriot Cyber Defense is a Cyber Security and Management Consulting professional services firm.

International Cybersecurity Forum (FIC)

International Cybersecurity Forum (FIC)

The International Cybersecurity Forum (FIC) has established itself as the benchmark event in Europe in terms of digital security and trust.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

NARIS

NARIS

NARIS is the leading provider of an integrated Governance, Risk and Compliance platform called NARIS GRC.

Seccuri

Seccuri

Seccuri is a unique global cybersecurity talent tech platform. Use our specialized AI algorithm to grow and improve the cybersecurity workforce.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.