Security News > 2023 > February > North Korea targets US, South Korean hospitals with ransomware to fund further cyber operations
US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy "State-sponsored" ransomware on hospitals and other organizations that can be considered part of the countries' critical infrastructure.
"The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments-specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the advisory points out.
Simultaneously, South Korea imposed sanctions on four North Korean individuals and seven entities for their involvement in these and other state-sanctioned cybercrimes, the proceeds of which are used to fund North Korean nuclear and military programs.
The attackers' TTPs. These North Korean threat actors generate domains, personas, and accounts and pay for them with stolen cryptocurrency or cryptocurrency received as ransom for encrypted data, the agencies say.
Operational mistakes occasionally give them away: In a recently documented campaign targeting public and private sector research organizations and the medical research and energy sector, for example, researchers found one of the webshells connecting to a North Korean state internet IP address.
Mandiant Threat Intelligence head John Hultquist noted on Thursday that several hospitals have had to weather major disruptions due to to this North Korean campaign, and that much of this activity has been obscured because "Hospitals pay or quietly repair and few report."
News URL
Related news
- US charges Phobos ransomware admin after South Korea extradition (source)
- Officials warn of Russia's tech-for-troops deal with North Korea amid Ukraine conflict (source)
- Ransomware fiends boast they've stolen 1.4TB from US pharmacy network (source)
- Phobos ransomware administrator faces US cybercrime charges (source)
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- US government, energy sector contractor hit by ransomware (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- Anna Jaques Hospital ransomware breach exposed data of 300K patients (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)