Monday, June 24, 2024

U.S., South Korean Agencies Partner to #StopRansomware Threat from North Korea

The National Security Agency (NSA) partnered with U.S. and South Korean government agencies to release a joint Cybersecurity Advisory about the Democratic People’s Republic of Korea (DPRK) ransomware threat.

The “#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities” advisory shares recently observed tactics, techniques, and procedures (TTPs) used by DPRK cyber actors in ransomware attacks against the U.S. and South Korean healthcare systems, as well as other critical infrastructure. The report also includes mitigations to help organizations protect against the ransomware threat.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the U.S. Department of Health and Human Services (HHS), and the Republic of Korea’s National Intelligence Service (NIS) and Defense Security Agency (DSA) joined the NSA in releasing this new advisory. The report is part of the #StopRansomware effort to counter this ongoing threat and updates the joint CISA, FBI, and U.S. Department of Treasury Cybersecurity Advisory released in July, “North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector.”

DPRK cyber actors have been using cryptocurrency generated through illicit cybercrime activities to procure infrastructure such as IP addresses and domains. The actors intend to conceal their affiliation and then exploit common vulnerabilities and exposures (CVE) in order to gain access and escalate privileges on targeted networks to perform ransomware activities.

Recently observed CVEs include remote code execution in the Apache Log4j software library (also known as “Log4Shell”) and remote code execution in various SonicWall appliances.

NSA and the other authoring agencies urge all critical infrastructure entities and organizations, including the Healthcare and Public Health (HPH) Sector, and the Department of Defense and Defense Industrial Base, to apply the mitigations listed in this advisory.

Read the full report here.

Read more at NSA

Homeland Security Today
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.