Maui ransomware linked to North Korean group Andariel

2022-08-10 18:14

The Maui ransomware that has been used against US healthcare operations has been linked to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group.

Ariel has been active since 2015, running attacks to steal data and bring in revenue for the North Korean regime.

Last month, the US State Department included Andariel in a list of North Korean state-sponsored threat groups - including Lazarus as well as BlueNoroff, Guardians of Peace, and Kimsuky - that the agency is targeting with a $10 million reward for information about the gangs and their operators.

The US Cybersecurity and Infrastructure Security Agency and FBI in early July issued a warning about Maui, noting its connection to North Korean threat groups and its targeting of US healthcare organizations.

Kaspersky researchers said they linked Andariel to Maui through the use of the DTrack malware in the Japan incident and noted that the same DTrack variant was used in other attacks in Russia, Vietnam, and India during the same timeframe.

The Maui attack on the Japanese housing organization was "Remarkably similar" to past operations by Andariel, according to the researchers.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/08/10/maui_ransomware_andariel/

#northkorean #ransomware