"North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware"

Since September 2021, an emerging threat cluster originating in North Korea has been linked to the development and use of ransomware in cyberattacks against small businesses. The group, known as H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the designation DEV-0530, which is assigned to unknown, emerging, or developing threat activity. Small-to-midsize businesses, such as manufacturing firms, banks, educational institutions, and companies that organize events and meetings, are among the targeted entities. In addition to its H0lyGh0st payload, DEV-0530 maintains an .onion site that the group uses to interact with its victims, according to the researchers. DEV-0530's ransom demands range from 1.2 to 5 bitcoins, though an examination of the attacker's cryptocurrency wallet reveals no successful ransom payments from its victims as of early July 2022. The group is suspected of having ties to Plutonium, also known as DarkSeoul or Andariel, a North Korea-based sub-group operating under the Lazarus umbrella. This article continues to discuss the key observations and findings regarding the H0lyGh0st ransomware group.

THN reports "North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware"

Submitted by Anonymous on