Security News
SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year. After the gang gets its eponymous malware onto a victim's network, it follows the standard ransomware playbook: encrypt files, and demand a Bitcoin payment to restore the data.
An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a developing group of threat activity.
For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries.Researchers at Microsoft Threat Intelligence Center are tracking the Holy Ghost ransomware gang as DEV-0530.
For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries. Researchers at Microsoft Threat Intelligence Center are tracking the Holy Ghost ransomware gang as DEV-0530.
The U.S. government is warning healthcare companies to watch for and protect themselves against ongoing ransomware attacks from cybercriminals sponsored by North Korea. In a joint advisory posted Wednesday, the FBI, Cybersecurity and Infrastructure Security Agency, and Department of the Treasury cautioned that these state-sponsored attackers have been using Maui ransomware to target hospitals, laboratories and other public and private healthcare organizations.
The U.S. government is warning healthcare companies to watch for and protect themselves against ongoing ransomware attacks from cybercriminals sponsored by North Korea. In a joint advisory posted Wednesday, the FBI, Cybersecurity and Infrastructure Security Agency, and Department of the Treasury cautioned that these state-sponsored attackers have been using Maui ransomware to target hospitals, laboratories and other public and private healthcare organizations.
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services-including electronic health records services, diagnostics services, imaging services, and intranet services," the authorities noted.
For the past year, state-sponsored hackers operating on behalf of North Korea have been using ransomware called Maui to attack healthcare organizations, US cybersecurity authorities said on Wednesday. Uncle Sam's Cybersecurity and Infrastructure Security Agency, the FBI, and the Treasury Department issued a joint advisory outlining a Pyongyang-orchestrated ransomware campaign that has been underway at least since May, 2021.
The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week.
North Korean IT workers are taking advantage of the worldwide shortage of skilled individuals - as well as remote working become a logical option for these types of jobs in the current post-pandemic world - to apply for software development and other IT jobs with companies around the world. "Although DPRK IT workers normally engage in non-malicious IT work, such as the development of a virtual currency exchange or a website, they have used the privileged access gained as contractors to enable DPRK's malicious cyber intrusions," the federal agencies have noted.