The U.S. states that North Korean-backed hackers are targeting the healthcare sector with ransomware


North Korean state-sponsored cyber attackers have been targeting US hospitals and medical facilities with ransomware since May 2021, according to US intelligence.

The FBI, Treasury, and Cyber ​​Security and Infrastructure Security Agency (CISA) Joint advisory About “Maui” ransomware on July 6th.

Authorities suspect that hackers have deployed Maui’s ransomware to encrypt servers responsible for medical services such as medical records, medical images, and intranet systems, and demanding ransom from victims.

“A North Korean country-sponsored cyber attacker may assume that medical institutions are willing to pay the ransom because they provide services that are essential to human life and health,” the advisory said. Says.

“Because of this assumption, the FBI, CISA, and the Treasury are likely to continue to target actors sponsored by the North Korean state. [health care and public health] Sector organization. “

Advisory states that in several cases reported to authorities, Maui’s ransomware disrupted “long-term” medical services, and the initial access vector for these cases is unknown.

Authorities warned that paying the ransom does not guarantee file recovery. Rather, it boldly targets the enemy to more organizations, encourages other criminals to distribute ransomware, and funds illegal activities.

According to the advisory, Maui’s ransomware is manually manipulated by remote actors using a “command line interface” to interact with the malware and identify the files to be encrypted.

Cyber ​​security company Stairwell That report About ransomware that “Maui’s ransomware has many unknown aspects such as usage status.”

The US government has accused North Korea of ​​many of the hottest cyber attacks in recent years, including the multi-million dollar crypto robbery of Axie Infinity, a game where players can earn crypto tokens.

The Director of National Intelligence of the Intelligence said in the 2021 Annual Threat Assessment Report:pdf) “North Korea’s cyber programs increase the threat of espionage, theft and attacks.”

“North Korea is cyber-thefting financial institutions and crypto exchanges around the world, possibly stealing hundreds of millions of dollars to fund government priorities such as nuclear and missile programs. There is, “the report said.

Aldograph Redley


Aldgra Fredly is a Malaysia-based freelance writer featuring the Epoch Times Asia Pacific News.