"North Korea Targets US, South Korean Hospitals With Ransomware to Fund Further Cyber Operations"
US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques, and procedures (TTPs) used by North Korean hackers to deploy "state-sponsored" ransomware against hospitals and other organizations considered to be part of the critical infrastructure of their respective countries. The agencies found that an unspecified amount of revenue from these cryptocurrency operations backs DPRK national-level goals. The advisory notes that specific targets include Department of Defense Information Networks and Defense Industrial Base member networks. South Korea has also imposed sanctions on four North Korean individuals and seven entities for their participation in these cybercrimes, the revenues of which are used to fund North Korea's nuclear and military programs. According to the agencies, these North Korean threat actors create domains, fake personas, and accounts, paying for them with either stolen cryptocurrency or cryptocurrency received as a ransom for encrypted data. This article continues to discuss the TTPs used by North Korean hackers to launch ransomware on hospitals and other organizations.