Security News > 2023 > February > North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations

North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations
2023-02-10 11:52

State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory.

This includes "Cyber operations targeting the United States and South Korea governments - specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the authorities said.

Threat actors with North Korea have been linked to espionage, financial theft, and cryptojacking operations for years, including the infamous WannaCry ransomware attacks of 2017 that infected hundreds of thousands of machines located in over 150 countries.

North Korean nation-state crews have dabbled in multiple ransomware strains such as VHD, Maui, and H0lyGh0st to generate a steady stream of illegal revenues for the sanctions-hit regime.

In addition to using privately developed ransomware, the actors have been observed leveraging off-the-shelf tools like BitLocker, DeadBolt, ech0raix, Jigsaw, and YourRansom for encrypting files, not to mention even impersonating other ransomware groups such as REvil.

The alert comes as a new report from the United Nations found that North Korean hackers stole record-breaking virtual assets estimated to be worth between $630 million and more than $1 billion in 2022.


News URL

https://thehackernews.com/2023/02/north-korean-hackers-targeting.html