Security News

The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups' members to $10 million. These increased bounties add to rewards of up to $5 million announced by the State Department in March for info on DPRK-backed threat actors targeting crypto exchanges and financial institutions worldwide to support the North Korean regime's illicit activities.

The U.S. Department of Justice has announced the seizure of $500,000 worth of Bitcoin from North Korean hackers who extorted digital payments from several organizations by using a new ransomware strain known as Maui. The DoJ did not disclose where the rest of the payments originated from.

Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. In this campaign, the hackers use malware known as Konni, a remote access trojan capable of establishing persistence and performing privilege escalation on the host.

Why North Korean cybercriminals are targeting businesses with ransomware. What happens when a hostile nation-state sponsors that same tactic? A new report by the Microsoft Threat Intelligence Center examines a series of ransomware attacks with ties to North Korea.

SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year. After the gang gets its eponymous malware onto a victim's network, it follows the standard ransomware playbook: encrypt files, and demand a Bitcoin payment to restore the data.

An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a developing group of threat activity.

For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries.Researchers at Microsoft Threat Intelligence Center are tracking the Holy Ghost ransomware gang as DEV-0530.

For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries. Researchers at Microsoft Threat Intelligence Center are tracking the Holy Ghost ransomware gang as DEV-0530.

The U.S. government is warning healthcare companies to watch for and protect themselves against ongoing ransomware attacks from cybercriminals sponsored by North Korea. In a joint advisory posted Wednesday, the FBI, Cybersecurity and Infrastructure Security Agency, and Department of the Treasury cautioned that these state-sponsored attackers have been using Maui ransomware to target hospitals, laboratories and other public and private healthcare organizations.

The U.S. government is warning healthcare companies to watch for and protect themselves against ongoing ransomware attacks from cybercriminals sponsored by North Korea. In a joint advisory posted Wednesday, the FBI, Cybersecurity and Infrastructure Security Agency, and Department of the Treasury cautioned that these state-sponsored attackers have been using Maui ransomware to target hospitals, laboratories and other public and private healthcare organizations.