On Thursday 9th of February 2023, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) released a new cybersecurity advisory describing recently observed tactics, techniques, and procedures (TTPs) associated with North Korean ransomware operations against public health and other critical infrastructure sectors. The advisory also noted that the extorted funds were being used to support the North Korean government’s national-level priorities and objectives.
This advisory was released in coordination with the United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Department of Health and Human Services (HHS), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA), with the goal of providing key cyber threat information to help security professionals and organisations detect and counter ransomware attack attempts from North Korean threat actors.
The advisory stated that CISA found that the threat actors had used both privately developed lockers and a dozen other strains of file-encrypting malware to attack South Korean and U.S. healthcare systems. Some of the publicly available encryption tools/malware used included:
At the end of the advisory, CISA recommended that healthcare organizations implement security measures such as multi-factor authentication (MFA) for account protection and encrypted connectivity, turn off unused interfaces, use network traffic monitoring tools, follow least privilege principles, and apply the available security updates on all software products they use.