Report Provides Updates on July’s Maui Ransomware Incident
Cybersecurity researchers at Kaspersky have published a new advisory that reveals technical details and additional findings regarding a ransomware incident that was addressed by the Cybersecurity and Infrastructure Security Agency (CISA) in July. The attack leveraged the Maui ransomware and was first identified by CISA in May 2021. However, the Kaspersky report suggests that the ransomware was first identified in April of 2021. In addition, the report expands upon previous geolocation speculations to include Japan, India, Vietnam, and Russia.
Kaspersky wrote that because the compilation dates are the same for all known samples, it is likely that the incident in question is the first event involving the ransomware. In previous reports, CISA did not provide a clear link between Maui and North Korea; Kaspersky, however, was able to make a connection. The Kaspersky Threat Attribution Engine, software that can identify the origins of a cyber threat, found that the DTrack malware provided by the victim contained a high degree of code similarity with previously discovered malware attributed to North Korean actors.