North Korea-Based Hackers Attack US Health Organizations, Disrupting Services for "Prolonged Periods" with Ransomware


North Korean government-backed hackers have targeted various health institutions with ransomware in the last year, interrupting health services in some cases for prolonged durations, the FBI and other US authorities said on Wednesday.

The North Koreans encrypted computer systems housing electronic health records, diagnostics, and imaging services with ransomware, according to an alert issued by the FBI, Department of Treasury, and US Cybersecurity and Infrastructure Security Agency (CISA).

North Korean Hackers Target US Health Providers

It's the latest sign that state-sponsored hackers from nations like North Korea and Iran are ready to use ransomware against the health industry, a practice more commonly associated with non-state cybercriminals.

In June, FBI Director Christopher Wray accused Iranian government-backed hackers of carrying out a despicable cyberattack on Boston Children's Hospital last year, a claim Tehran disputed. Although no ransomware was used in that case, Iranian hackers were the focus of another US warning about ransomware in the healthcare industry in November, according to CNN.

North Korean hackers may have been engaged in a June 23 attack that stole up to $100 million in cryptocurrencies from Horizon Bridge, a Harmony blockchain service that lets assets be moved to other blockchains.

Although it has not been validated, the FBI claims that the kind of attack and high velocity of structured payments to a mixer - intended to conceal the origin of funds - are comparable to prior operations ascribed to North Korean-linked individuals, according to Chainalysis, a security firm.

Based on the nature of the attack and subsequent laundering of the stolen cash, another business, Elliptic, stated on June 29 in a report, "There are significant indicators that North Korea's Lazarus Group may be involved for this crime."

North Korea Steals a Total of $1 Billion US Funds

If verified, the incident would be the ninth this year - totaling $1 billion in stolen assets - that could be confidently connected to North Korea, representing 60% of the cash taken in 2022, according to Chainalysis.

The recent decline in bitcoin values may have hindered North Korea's ability to cash in on its stolen assets, analysts and South Korean officials said, potentially jeopardizing a crucial source of money for the sanctions-strapped government, as per Daily Mail.

Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future, said that through confidential industry conversations he has learned of about a dozen clinics, hospitals, and urgent care facilities that have been victims of Maui, a strain of ransomware infecting American hospitals, but he couldn't name them publicly.

According to Liska, Maui's operators appear to use the same strategies as the majority of the large criminal ransomware organizations, which are often made up of members from Russia and Eastern Europe. There are some indicators that gangs have the government's implicit permission.

In recent years, Western government officials and cybersecurity professionals have claimed that North Korea was responsible for several high-profile hacks involving substantial quantities of money. Researchers discovered that a big North Korean hacking organization stole about $400 million in bitcoin last year, while the Treasury Department said that North Korean hackers stole $600 million in an attack earlier this year on the game Axie Infinity, NBC News reported.
