Maui ransomware operation linked to North Korean 'Andariel' hackers
The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and cause discord in South Korea.
State-sponsored North Korean hackers are notorious for orchestrating campaigns with financial motives, so running their own ransomware operation matches their overall strategic goals.
Andariel has been linked to ransomware attacks in the recent past, targeting South Korean companies in media, construction, manufacturing, and network services.
Andariel has also been linked to cyberattacks carried out for espionage, data theft, data wiping, and operations to raise revenue for the North Korean government.
The FBI and CISA have previously issued warnings about the Maui ransomware, sharing indicators of compromise that pointed to North Korean threat actors.
The particular DTrack variant used in the attacks against the Japanese, Russian, Indian, and Vietnamese firms features a code similarity of 84% to samples directly linked to previous Andariel operations.
Related news
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Radiant links $50 million crypto heist to North Korean hackers (source)
- North Korean hackers stole $1.3 billion worth of crypto this year (source)
- North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin (source)
- FBI links North Korean hackers to $308 million crypto heist (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)