Maui ransomware operation linked to North Korean 'Andariel' hackers (Security News, August 2022)

The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and cause discord in South Korea.
State-sponsored North Korean hackers are notorious for orchestrating campaigns with financial motives, so running their own ransomware operation matches their overall strategic goals.
Andariel has been linked to ransomware attacks in the recent past, targeting South Korean companies in media, construction, manufacturing, and network services.
Andariel has also been linked to cyberattacks carried out for espionage, data theft, data wiping, and operations to raise revenue for the North Korean government.
The FBI and CISA have previously issued warnings about the Maui ransomware, sharing indicators of compromise that pointed to North Korean threat actors.
The particular DTrack variant used in the attacks against the Japanese, Russian, Indian, and Vietnamese firms features a code similarity of 84% to samples directly linked to previous Andariel operations.