Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers
The first-ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, and was aimed at an unnamed Japanese housing company.
The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021.
Much of the data about its modus operandi came from incident response activities and industry analysis of a Maui sample that revealed a lack of "several key features" typically associated with ransomware-as-a-service operations.
Subsequently, the Justice Department announced the seizure of $500,000 worth of Bitcoin that had been extorted from several organizations, including two healthcare facilities in the U.S. states of Kansas and Colorado, using the ransomware strain.
While these attacks have been pinned on North Korean advanced persistent threat groups, the Russian cybersecurity firm has linked the cybercrime with low to medium confidence to a Lazarus subgroup known as Andariel, also known as Operation Troy, Silent Chollima, and Stonefly.
"Approximately ten hours prior to deploying Maui to the initial target system, the group deployed a variant of the well-known Dtrack malware to the target, preceded by 3proxy months earlier," Kaspersky researchers Kurt Baumgartner and Seongsu Park said.
News URL
https://thehackernews.com/2022/08/experts-uncover-details-on-maui.html