Overview of AhnLab’s Response to Joint Cybersecurity Advisory Between South Korea and the United States on North Korean Ransomware


On February 10, intelligence agencies from South Korea and the United States issued a joint cybersecurity advisory on ransomware attacks from North Korea. It is the first joint report between the South Korean National Intelligence Service and the United States’ National Security Agency (NSA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS), and it aims to raise awareness of cyberattacks from North Korea and protect both countries from ransomware.

  • Title: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
  • Security Advisory:
    • South Korea’s National Cyber Security Center (NCSC)
    • United States’ Cybersecurity and Infrastructure Security Agency (CISA)

Agencies from South Korea and the United States determined that the Maui and H0lyGh0st ransomware cases, which attacked institutions in charge of the United States’ medical and public health sectors as well as other crucial infrastructure, originated from North Korea. They then published the relevant tactics, techniques, and procedures (TTPs) and indicators of compromise.

 

