Security News > 2023 > February > North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations
State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory.
This includes "Cyber operations targeting the United States and South Korea governments - specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the authorities said.
Threat actors with North Korea have been linked to espionage, financial theft, and cryptojacking operations for years, including the infamous WannaCry ransomware attacks of 2017 that infected hundreds of thousands of machines located in over 150 countries.
North Korean nation-state crews have dabbled in multiple ransomware strains such as VHD, Maui, and H0lyGh0st to generate a steady stream of illegal revenues for the sanctions-hit regime.
In addition to using privately developed ransomware, the actors have been observed leveraging off-the-shelf tools like BitLocker, DeadBolt, ech0raix, Jigsaw, and YourRansom for encrypting files, not to mention even impersonating other ransomware groups such as REvil.
The alert comes as a new report from the United Nations found that North Korean hackers stole record-breaking virtual assets estimated to be worth between $630 million and more than $1 billion in 2022.
News URL
https://thehackernews.com/2023/02/north-korean-hackers-targeting.html
Related news
- North Korean hackers now launder stolen crypto via YoMix tumbler (source)
- North Korean hackers linked to defense sector supply-chain attack (source)
- New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide (source)
- North Korean Hackers Targeting Developers with Malicious npm Packages (source)
- FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks (source)
- Japan warns of malicious PyPi packages created by North Korean hackers (source)
- Ransomware gang claims they stole 6TB of Change Healthcare data (source)
- The Week in Ransomware - March 1st 2024 - Healthcare under siege (source)
- Uncle Sam intervenes as Change Healthcare ransomware fiasco creates mayhem (source)
- Possible China link to Change Healthcare ransomware attack (source)