CyberNews Briefs

Report Provides Updates on July’s Maui Ransomware Incident

Cybersecurity researchers at Kaspersky have published a new advisory that reveals technical details and additional findings regarding a ransomware incident that was addressed by the Cybersecurity and Infrastructure Security Agency (CISA) in July. The attack leveraged the Maui ransomware and was first identified by CISA in May 2021. However, the Kaspersky report suggests that the ransomware was first identified in April of 2021. In addition, the report expands upon previous geolocation speculations to include Japan, India, Vietnam, and Russia.

Kaspersky wrote that because the compilation dates are the same for all known samples, it is likely that the incident in question is the first event involving the ransomware. In previous reports, CISA did not provide a clear link between Maui and North Korea; however, Kaspersky was able to make a connection. The Kaspersky Threat Attribution Engine, software that can identify the origins of a cyber threat, noticed that the DTrack malware provided by the victim contained a high degree of code similarity with previously discovered malware attributed to North Korean actors.


OODA Analyst
