The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued a new cybersecurity advisory. It details recently observed tactics, techniques, and procedures (TTPs) used in North Korean ransomware operations.
These operations have targeted the public health sector and other critical infrastructure sectors, highlighting the ongoing threat posed by these malicious actors.
Several agencies have compiled this report on the matter, and the agencies involved can be found here:-
It is believed that the funds extorted in this manner have been used to support the national objectives and priorities of the North Korean government.
According to CISA, North Korean hackers have not only relied on privately developed ransomware to attack healthcare systems in South Korea and the United States but have also used about a dozen different strains of file-encrypting malware.
This information serves as a wake-up call for organizations in the healthcare sector to step up their cybersecurity measures and be aware of the evolving tactics used by these malicious actors.
North Korean threat actors have developed a methodology for acquiring the infrastructure needed to conduct cyber attacks. They create fake personas and accounts, which they then use to obtain cryptocurrency through illegal means.
They often rely on foreign intermediaries to help conceal the trail of the money they have made.
Cybercriminals have found ways to conceal their true origin and location when carrying out hacking activities. They do this by using virtual private networks (VPNs) and virtual private servers (VPSs) or by routing their activities through third-party IP addresses.
This makes it difficult for investigators and security personnel to trace the source of the attack and identify the individuals or groups behind it.
Compromising a target system or network involves exploiting various vulnerabilities to gain access and escalate privileges. By exploiting these vulnerabilities, attackers gain entry into a target network and carry out their malicious activities.
Flaws exploited:-
Once they have gained initial access to a target network, North Korean hackers conduct extensive reconnaissance and lateral movement to gather information and expand their presence within the network. This is accomplished by executing shell commands and deploying additional payloads.
Below are all the TTPs observed by the security analysts:-
Below are all the mitigations recommended by the security experts:-