The US Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory directed at the critical infrastructure sector. The Cybersecurity Advisory (CSA) warns entities in that sector of ongoing ransomware activity likely perpetrated by North Korean state-sponsored actors. The advisory is the result of collaboration between CISA, the National Security Agency, the Federal Bureau of Investigation, the Department of Health and Human Services, the Republic of Korea National Intelligence Service, and the ROK Defense Security Agency.
The latest advisory follows up on a similar warning released in July that provided an overview of North Korean state-sponsored ransomware groups. The main actors in the latest advisory are the Maui and H0lyGh0st groups, and the advisory explains the groups’ tactics, techniques, procedures, and activity. The threat actors reportedly purchased virtual private networks and servers to hide their locations. To conduct attacks, the groups leverage common vulnerabilities to gain access and escalate network privileges.