The FBI, CISA, and the U.S. Treasury Department issued a joint advisory warning that North Korean state-sponsored cyber actors are targeting Healthcare and Public Health (HPH) Sector organizations in the US with the Maui ransomware.
According to the document, the threat actors have been engaging in these campaigns since at least May 2021.
The North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services – including electronic health records services, diagnostics services, imaging services and intranet services.
In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods.
According to CISA, the ransomware appears to be designed for manual execution by a remote actor. It also uses a combination of Advanced Encryption Standard (AES), RSA and XOR encryption to encrypt target files.
Maui also stands out compared to other ransomware strains by not dropping a ransom note on encrypted systems to provide victims with data recovery instructions.
While the initial access vectors for Maui-related incidents are currently unknown, HPH organizations can take various steps to limit the impact of such cyber-attacks.
These include installing updates for operating systems, software and firmware as soon as they are released; securing and closely monitoring remote desktop protocol (RDP) and other potentially risky services; and implementing user training programs and phishing exercises.
CISA also recommends the use of multi-factor authentication (MFA) for as many services as possible, auditing user accounts with administrative or elevated privileges and installing and regularly updating antivirus and antimalware software on all hosts, among other things.
The post North Korean hackers target US healthcare organizations first appeared on Cybersafe News.