One Article Review

Home - The article:
Source Fortinet ThreatSignal
Identifier 5595940
Publication date 2022-07-07 08:14:35 (viewed: 2022-07-07 16:05:31)
Title North Korean State-Sponsored Threat Actors Deploying "MAUI" Ransomware
Text Today, the United States Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Agency (CISA) and the Department of Treasury released a joint Cybersecurity Advisory on Maui Ransomware, which is attributed to state-sponsored activity by the government of North Korea. The joint CSA provides detailed insight on the various TTPs used by the threat actors behind Maui, which has targeted the Health and Public Health Sector.

How Serious of an Issue is This?
High. As ransomware activity causes downtime, theft of confidential and personally identifiable information (PII) and other significant impact to operations, it is important to ensure that various security measures are in place, such as keeping vulnerable machines and infrastructure up to date with patches. Also, ensuring employees are trained and up to date on the various social engineering attempts and tactics used by threat actors will be a first line of defense against such attacks.

What is Maui Ransomware?
Maui ransomware is unique in that it requires manual execution to start the encryption routine. Maui also features a CLI (command line interface) that the threat actor uses to target specific files to encrypt. Maui can also identify previously encrypted files thanks to custom headers containing the original path of the file.

Who are HIDDEN COBRA/LAZARUS/APT38/BeagleBoyz?
HIDDEN COBRA, also known as Lazarus/APT38/BeagleBoyz, has been attributed to the government of North Korea. They have been linked to multiple high-profile, financially motivated attacks in various parts of the world, some of which have caused massive infrastructure disruptions. Notable attacks include the 2014 attack on a major entertainment company and a 2016 Bangladeshi financial institution heist that nearly netted $1 billion (USD) for the attackers. Had it not been for a misspelling in an instruction that caused a bank to flag and block thirty transactions, HIDDEN COBRA would have pulled off a heist unlike any other. Although HIDDEN COBRA failed in that attempt, they were still able to net around 81 million dollars in total.

The most recent notable attack attributed to HIDDEN COBRA was the WannaCry ransomware attack, which resulted in massive disruption and damage worldwide to numerous organizations, especially those in manufacturing. Various estimates of the impact were in the hundreds of millions of dollars, with some estimates claiming billions. Other verticals this group has targeted include the critical infrastructure, entertainment, finance, healthcare, and telecommunications sectors across multiple countries.

Who are the BeagleBoyz?
The BeagleBoyz group is a newly identified group that is a subset of the activity of the threat actors known as HIDDEN COBRA/LAZARUS/APT38 and has been observed committing financial crimes, specifically cryptocurrency-related thefts. Further information about the BeagleBoyz can be found here.

What Operating Systems are Affected?
Windows-based operating systems are affected.

What is the Status of Coverage?
Fortinet customers running the latest definitions are protected against Maui with the following (AV) signatures:
W32/Ransom_Win32_MAUICRYPT.YACC5
W32/Agent.C5C2!tr
W32/PossibleThreat

Anything Else to Note?
Victims of ransomware are cautioned against paying ransoms by organizations such as CISA, NCSC, the FBI, and HHS. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities, which could potentially be illegal according to a U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) advisory.
Sent Yes
Tags Ransomware Threat Patching Medical
Stories Wannacry APT 38
The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.