North Korea is deploying ransomware in the health care sector to supplement cyber ops against the U.S. and South Korean governments, according to a joint alert released Thursday from multiple U.S. and South Korean agencies.
Furthermore, the alert from the National Security Agency, FBI, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services, the Republic of Korea’s Defense Security Agency and the National Intelligence Service warns that Pyongyang is using the illicit cryptocurrencies obtained from the attacks to support state-backed espionage operations that target U.S. defense networks and the defense industrial base.
The joint release is just the latest warning from U.S. government officials that ransomware attacks originating in North Korea have grown into a national security crisis. In fact, many cyber officials and lawmakers have called for additional regulations to ensure health care organizations are implementing proper cybersecurity protections to help defend against the ongoing scourge of ransomware.
John Hultquist, head of threat intelligence at the cybersecurity firm Mandiant, noted on Twitter that his company has connected the ransomware targeting hospitals to the threat group known as Andariel, which has caused major disruptions at health care facilities.
“Andariel does not appear to be focused on fund-raising like some of their peers. They are still carrying out the old school intelligence mission, targeting government, the defense sector, NGOs and others. They may be doing this just to keep the lights on,” Hultquist noted.
Thursday’s warning from government agencies follows a June alert by CISA, FBI and the Treasury Department detailing how North Korean state hackers are using the Maui ransomware to target the health care sector, too. However, the most recent notice says that North Korean hackers also used other types of ransomware such as H0lyGh0st and deploy encryption tools such as LockBit 2.0.
