Joint Cybersecurity Advisory on the DPRK Cyber Actors’ Threat to Critical Infrastructure

By Alvaro Marañon
Wednesday, July 6, 2022, 3:56 PM

On July 6, the Cybersecurity and Infrastructure Security Agency (CISA), Department of Treasury, and the FBI released a joint cybersecurity advisory on the Maui ransomware that “has been used by North Korean state-sponsored cyber actors since at least May 2021 to target” the healthcare and public health sector. 

The advisory urges organizations to apply a series of mitigations and provides an overview of additional recommendations to “prepare for, mitigate/prevent, and respond to ransomware incidents.” The advisory notes that the FBI has observed and monitored the ransomware strain since May 2021, describing how the cyber actors used the ransomware to “encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services.” Interestingly, another threat report on the Maui ransomware noted that it lacks several features commonly seen with other ransomware-as-a-service providers, such as a ransom note with recovery instructions, possibly indicating that the strain is manually operated.

You can read the joint cybersecurity advisory here or below.