North Korean Hackers Target US Health Providers With ‘Maui’ Ransomware
The Cybersecurity and Infrastructure Security Agency (CISA) recently released a new advisory that suggests nation-state threat actors are leveraging the Maui ransomware to target organizations in the healthcare sector. In particular, the government agency believes that the nation-state hacking group is sponsored by the North Korean government. The document explains that intelligence obtained by CISA, the FBI, and the Department of the Treasury indicates that the threat actors have been conducting the campaigns since May of 2021.
CISA says that the ransomware was designed for manual execution by a remote actor, in this case located in North Korea. In addition, it uses a combination of Advanced Encryption Standard (AES), RSA, and XOR encryption to encrypt the files and damage the target’s network. The access granted to any given user dictates how much damage the hacker will be able to inflict. Therefore, the agencies recommend that companies in the healthcare industry take a zero-trust, identity-first approach.