North Korea targets US, South Korean hospitals with ransomware to fund further cyber operations
US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy "state-sponsored" ransomware on hospitals and other organizations that can be considered part of the countries' critical infrastructure.
"The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments - specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the advisory points out.
Simultaneously, South Korea imposed sanctions on four North Korean individuals and seven entities for their involvement in these and other state-sanctioned cybercrimes, the proceeds of which are used to fund North Korean nuclear and military programs.
The attackers' TTPs
These North Korean threat actors generate domains, personas, and accounts and pay for them with stolen cryptocurrency or cryptocurrency received as ransom for encrypted data, the agencies say.
Operational mistakes occasionally give them away: in a recently documented campaign targeting public and private sector research organizations and the medical research and energy sectors, for example, researchers found one of the webshells connecting to a North Korean state internet IP address.
Mandiant Threat Intelligence head John Hultquist noted on Thursday that several hospitals have had to weather major disruptions due to this North Korean campaign, and that much of this activity has been obscured because "Hospitals pay or quietly repair and few report."