CISA Alert AA23-040A – #StopRansomware: ransomware attacks on critical infrastructure fund DPRK malicious cyber activities. [CISA Cybersecurity Alerts]

CyberWire Daily

N2K Networks, Inc.

News, Tech News, Daily News, Technology

4.8 • 1.1K Ratings

🗓️ 10 February 2023

⏱️ 3 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

CISA, NSA, FBI, the US Department of Health and Human Services, the Republic of Korea National Intelligence Service, and the Republic of Korea Defense Security Agency are issuing this alert to highlight ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities. AA23-040A Alert, Technical Details, and Mitigations CISA’s North Korea Cyber Threat Overview and Advisories webpage. Stairwell provided a YARA rule to identify Maui ransomware, and a Proof of Concept public RSA key extractor at the following link: https://www.stairwell.com/news/threat-research-report-maui-ransomware/ See Stopransomware.gov, a whole-of-government approach, for ransomware resources and alerts. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure. U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	This is a CISA Cybersecurity Alert.
0:16.0	ID number Alpha Alpha 23 tag 040 Alpha.
0:20.0	Original release date, February, February 9, 2023.
0:23.6	CISA, NSA, FBI, the U.S. Department of Health and Human Services,
0:32.1	the Republic of Korea National Intelligence Service
0:34.6	and the Republic of Korea Defense Security Agency
0:37.6	are issuing this alert to highlight ongoing ransomware activity against
0:41.1	health care and public health sector organizations and other critical infrastructure sector entities.
0:47.0	This advisory highlights TTPs and IOCs that DPRK cyber actors use to gain access to and conduct ransomware attacks
0:54.5	against health care and public health sector organizations and other
0:57.6	critical infrastructure sector entities as well as DPRK cyber actors's use of
1:02.4	cryptocurrency to demand ransoms.
1:04.8	This alert is supplementary to previous reports on malicious cyber activities involving
1:09.5	DPRK ransomware campaigns, including Maui and Holy Ghost Ransomware.
1:19.3	The authoring agencies are issuing this advisory to highlight new observed TTPs that DPRK's cyber actors use to conduct ransomware attacks. The authoring agencies assess that revenue
1:25.7	from these operations supports DPRK national level priorities and objectives, including
1:31.0	cyber operations targeting the United States and South Korea governments.
1:35.0	The alert documentation linked in the show notes includes additional technical details,
1:40.0	IOCs, malicious actor TTPs, recovery guidance, mitigations, and response recommendations.
1:48.1	The FBI is seeking any information that can be shared to include boundary logs showing communication to and from foreign IP addresses,
1:56.4	Bitcoin wallet information, the decryptor file, and benign samples of encrypted files.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.