{"id":8025,"date":"2023-02-10T02:08:43","date_gmt":"2023-02-09T17:08:43","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8025"},"modified":"2023-03-02T02:23:04","modified_gmt":"2023-03-01T17:23:04","slug":"cisa-releases-cybersecurity-advisory-against-north-korean-ransomware-activity","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/cisa-releases-cybersecurity-advisory-against-north-korean-ransomware-activity\/","title":{"rendered":"CISA releases cybersecurity advisory against North Korean ransomware activity"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"8025\" class=\"elementor elementor-8025\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0c92e49 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0c92e49\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-df97a35\" data-id=\"df97a35\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0db3a8c elementor-widget elementor-widget-text-editor\" data-id=\"0db3a8c\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Thursday 9th of February 2023, the U.S. Cybersecurity &amp; Infrastructure Security Agency (CISA) released a new cybersecurity advisory that describes recently observed tactics, techniques, and procedures (TTPs) associated with North Korean ransomware operations against public health and other critical infrastructure sectors. 
The advisory also noted that the extorted funds were being used to support the North Korean government&#8217;s national-level priorities and objectives.<\/p><p>This advisory was released in coordination with the United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Department of Health and Human Services (HHS), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA) with the goal of providing key cyber threat information to help security professionals and organisations detect and counter ransomware attack attempts from North Korean threat actors.<\/p><p>The advisory stated that CISA found that the threat actors had used both privately developed lockers and a dozen other strains of file-encrypting malware to attack South Korean and U.S. healthcare systems. Some of the publicly available encryption tools\/malware used included:<\/p><ul><li>BitLocker (abuse of a legitimate tool)<\/li><li>Deadbolt<\/li><li>ech0raix<\/li><li>GonnaCry<\/li><li>Hidden Tear<\/li><li>Jigsaw<\/li><li>LockBit 2.0<\/li><li>My Little Ransomware<\/li><li>NxRansomware<\/li><li>Ryuk<\/li><li>YourRansom<\/li><\/ul><p>At the end of the advisory, CISA recommended that healthcare organizations implement security measures such as multi-factor authentication (MFA) for account protection and encrypted connectivity, turn off unused interfaces, use network traffic monitoring tools, follow least-privilege principles, and apply the available security updates to all software products they use.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Thursday 9th of February 2023, the U.S. 
Cybersecurity &amp; Infrastructure Security Agency (CISA) released a new cybersecurity advisory that describes recently observed tactics, techniques, and procedures (TTPs) associated with North Korean ransomware operations against public health and other critical infrastructure sectors. The advisory also noted that the extorted funds were being used to support the North Korean<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8030,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,12,9,2,7,8,1],"tags":[],"class_list":["post-8025","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-read_article","category-ransomware_criminals","category-ce_news","category-by_country","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2023\/03\/Picture1-5.jpg?fit=1376%2C1031&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8025"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8025"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8025\/revisions"}],"predecessor-version":[{"id":8034,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8025\/revisions\/8034"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8030"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8025"}],"wp:term":[{"taxonomy":"category","embeddable":true
,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}