Emerging H0lyGh0st Ransomware Tied to North Korea (Security News, July 2022)

Microsoft researchers have linked an emerging ransomware threat that already has compromised a number of small-to-mid-sized businesses to financially motivated North Korean state-sponsored actors that have been active since last year.
A group that researchers from the Microsoft Threat Intelligence Center track as DEV-0530, but that calls itself H0lyGh0st, has been developing and using ransomware in attacks since June 2021.
On its website, H0lyGh0st claims that it won't sell or publish victim data if victims pay, researchers said.
H0lyGh0st's ransomware campaigns are financially motivated, researchers said; in text linked to a ransom note that they intercepted, the attackers claim they aim to "Close the gap between the rich and poor."
From June 2021, when it began using ransomware, until May 2022, H0lyGh0st employed two custom-developed malware families, SiennaPurple and SiennaBlue, researchers said.
Though new Go functions have been added to the various variants over time, all ransomware variants in the SiennaBlue family share the same core Go functions, researchers observed.
News URL
https://threatpost.com/h0lygh0st-ransomware-north-korea/180232/