"North Korean Hackers Target US Health Providers With 'Maui' Ransomware"

The Cybersecurity and Infrastructure Security Agency (CISA) has recently released a new advisory suggesting North Korean state-sponsored cyber actors are using the Maui ransomware to target Healthcare and Public Health (HPH) Sector organizations in the US.  The threat actors have been engaging in these campaigns since May 2021.  CISA noted that North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services, including electronic health records services, diagnostics services, imaging services, and intranet services.  In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods.  CISA stated that from a technical standpoint, the ransomware appears to be designed for manual execution by a remote actor.  The ransomware also uses a combination of Advanced Encryption Standard (AES), RSA, and XOR encryption to encrypt target files.

Infosecurity reports: "North Korean Hackers Target US Health Providers With 'Maui' Ransomware"