US and South Korean cybersecurity and intelligence agencies warn in a joint advisory that North Korean state-sponsored hackers are conducting ransomware attacks against medical facilities and critical infrastructure to fund illegal activities.
The attacks, which demand a cryptocurrency ransom in exchange for regaining access to encrypted files, are designed to support North Korea’s state-level priorities and objectives.
This “includes cyber operations targeting the U.S. and South Korean governments. Specific targets include the Department of Defense Information Network and Defense Industrial Base member networks,” the official said.
North Korean threat actors have been linked to the infamous WannaCry ransomware attack in 2017 that infected hundreds of thousands of machines in over 150 countries.
Since then, the North Korean nation-state crew has dabbled in multiple ransomware strains such as VHD, Maui, and H0lyGh0st to consistently generate illicit revenue for the sanctioned regime.
Attackers are known to operate under the identities of third-party foreign affiliates to conceal their involvement, as well as procure infrastructure through cryptocurrencies generated through their criminal activities.
The attack chains launched by the hacking crew exploit known flaws in Apache Log4j, SonicWall, and TerraMaster NAS appliances (e.g., CVE-2021-44228, CVE-2021-20038, and CVE-2022-24990) to gain initial access, followed by reconnaissance, lateral movement, and ransomware deployment.
In addition to using privately developed ransomware, attackers have been observed using commercial tools such as BitLocker, DeadBolt, ech0raix, Jigsaw, and YourRansom to encrypt files. They have even impersonated other ransomware groups such as REvil.
As mitigations, the agencies encourage organizations to implement the principle of least privilege, disable unnecessary network device management interfaces, enforce multi-layered network segmentation, require phishing-resistant authentication controls, and maintain regular data backups.
The alert comes as a new United Nations report finds that North Korean hackers have stolen record-breaking crypto assets estimated to be worth between $630 million and more than $1 billion in 2022.
The report, seen by The Associated Press, said attackers used increasingly sophisticated techniques to access digital networks involved in cyber finance and steal information from governments, companies, and individuals that could help North Korea’s nuclear and ballistic missile programs.
It further called out Kimsuky, Lazarus Group, and Andariel, all part of the Reconnaissance General Bureau (RGB), for continuing to target victims for the purpose of generating revenue and soliciting information of value to the Hermit Kingdom.