The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of the Treasury (Treasury) recently released a joint Cybersecurity Advisory (CSA) providing information on Maui ransomware.
Maui ransomware has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.
The CSA, “North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector,” provides technical details and indicators of compromise (IOCs) observed during multiple FBI incident response activities over a period of more than a year and obtained from industry analysis of Maui samples.
“As the nation’s cyber defense agency, our team works tirelessly in collaboration with partners to publish timely information that can help organizations prevent and build resilience against all cyber threats,” CISA Executive Assistant Director for Cybersecurity Eric Goldstein said. “This malicious activity by North Korean state-sponsored cyber actors against the healthcare and public health sector poses a significant risk to organizations of all sizes.”
North Korean state-sponsored actors were observed using Maui ransomware to encrypt HPH servers responsible for providing healthcare services. In some instances, the activity disrupted the services provided by the victim for prolonged periods.
“The FBI, along with our federal partners, remains vigilant in the fight against North Korea’s malicious cyber threats to our healthcare sector,” FBI Cyber Division Assistant Director Bryan Vorndran said. “We are committed to sharing information and mitigation tactics with our private sector partners to assist them in shoring up their defenses and protecting their systems.”