CISA Alert AA22-187A – North Korean state-sponsored cyber actors use Maui ransomware to target the healthcare and public health sector. [CISA Cybersecurity Alerts]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 6 July 2022

⏱️ 3 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

The FBI, CISA, and the Department of the Treasury are releasing this joint Cybersecurity Advisory to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health Sector organizations. AA22-187A Alert, Technical Details, and Mitigations Stairwell Threat Report: Maui Ransomware North Korea Cyber Threat Overview and Advisories Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments National Conference of State Legislatures: Security Breach Notification Laws Health Breach Notification Rule Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches StopRansomware.gov CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	This is a SISA Cybersecurity Alert.
0:14.0	ID number Alpha Alpha 2-TAC 187 Alpha.
0:20.0	Original release Treasury are releasing this joint cybersecurity advisory to provide information on Maui
0:34.2	Ransomware which has been used by North Korean state-sponsored cyber actors since at
0:38.3	least May 2021 to target health care and public health sector organizations.
0:44.0	Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents
0:49.5	at health care and public health sector organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers
0:57.8	responsible for health care services, including electronic health records services,
1:02.0	diagnostics services, imaging services, and internet services.
1:07.2	The initial access vectors for these incidents is unknown.
1:11.2	According to industry analysis of a sample of Maui malware, the ransomware appears to be designed for manual execution by a remote actor.
1:18.0	The remote actor uses the command line interface to interact with the malware and to identify target files.
1:25.4	The alert documentation linked in the show notes includes tactics, techniques, and procedures
1:29.5	and indicators of compromise for this malicious activity.
1:33.0	The FBI, CISA, and Treasury urge health care and public health sector
1:36.6	organizations as well as other critical infrastructure organizations to apply the recommendations
1:41.5	in the mitigation section of this alert to reduce the likelihood of compromise from ransomware operations.
1:47.0	The FBI, SISA, and Treasury highly discouraged paying these ransoms.
1:52.0	Doing so does not guarantee files will be recovered and may pose sanctions violations and risks.
1:57.0	In September 2021, Treasury issued an updated advisory highlighting the sanctions risks associated with
2:03.7	ransomware payments and the proactive steps companies can take to mitigate such
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.