North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021.
The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned to an unknown, emerging, or developing group of threat activity.
In a sign that suggests active development, four different variants of the H0lyGh0st ransomware were churned out between June 2021 and May 2022 to target Windows systems: BTLC C.exe, HolyRS.exe, HolyLock.
The findings come a week after U.S. cybersecurity and intelligence agencies warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021.
The expansion from financial heists to ransomware is being viewed as yet another tactic sponsored by the North Korean government to offset losses from sanctions, natural disasters, and other economic setbacks.
"It is equally possible that the North Korean government is not enabling or supporting these ransomware attacks," the researchers said.
News URL
https://thehackernews.com/2022/07/north-korean-hackers-targeting-small.html