Security News > 2022 > August > Maui ransomware operation linked to North Korean 'Andariel' hackers
The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and cause discord in South Korea.
State-sponsored North Korean hackers are notorious for orchestrating campaigns with financial motives, so running their own ransomware operation matches their overall strategic goals.
Andariel has been linked to ransomware attacks in the recent past, targeting South Korean companies in media, construction, manufacturing, and network services.
Andariel has also been linked to cyberattacks involving espionage, data theft, data wiping, and operations to raise revenue for the North Korean government.
The FBI and CISA have previously issued warnings about the Maui ransomware, sharing indicators of compromise that pointed to North Korean threat actors.
The particular DTrack variant used in the attacks against the Japanese, Russian, Indian, and Vietnamese firms features a code similarity of 84% to samples directly linked to previous Andariel operations.
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- North Korean hackers pave the way for Play ransomware (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)