Security News > 2022 > August > Experts Uncover Details on Maui Ransomware Attack by North Korean Hackers
The first ever incident possibly involving the ransomware family known as Maui occurred on April 15, 2021, aimed at an unnamed Japanese housing company.
The disclosure from Kaspersky arrives a month after U.S. cybersecurity and intelligence agencies issued an advisory about the use of the ransomware strain by North Korean government-backed hackers to target the healthcare sector since at least May 2021.
Much of the data about its modus operandi came from incident response activities and industry analysis of a Maui sample that revealed a lack of "Several key features" typically associated with ransomware-as-a-service operations.
Subsequently, the Justice Department announced the seizure of $500,000 worth of Bitcoin that were extorted from several organizations, including two healthcare facilities in the U.S. states of Kansas and Colorado, by using the ransomware strain.
While these attacks have been pinned on North Korean advanced persistent threat groups, the Russian cybersecurity firm has linked the cybercrime with low to medium confidence to a Lazarus subgroup known as Andariel, also known as Operation Troy, Silent Chollima, and Stonefly.
"Approximately ten hours prior to deploying Maui to the initial target system , the group deployed a variant of the well-known Dtrack malware to the target, preceded by 3proxy months earlier," Kaspersky researchers Kurt Baumgartner and Seongsu Park said.
News URL
https://thehackernews.com/2022/08/experts-uncover-details-on-maui.html
Related news
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Ransomware can mean life or death at hospitals. DEF CON hackers to the rescue? (source)
- Lessons from a Ransomware Attack against the British Library (source)
- Jackson County in state of emergency after ransomware attack (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Panera Bread week-long IT outage caused by ransomware attack (source)
- The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack (source)
- How can the energy sector bolster its resilience to ransomware attacks? (source)