
HHS, FBI, CISA Warn of North Korean State-Sponsored Cyber Threat Actors Targeting Healthcare

US and South Korean authorities issued a joint cybersecurity advisory to warn healthcare organizations about North Korean state-sponsored cyber threat actors who have been conducting ransomware attacks against the sector.


By Jill McKeon

North Korean state-sponsored cyber threat actors have been targeting the healthcare sector with ransomware, the National Security Agency (NSA), HHS, the Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA) warned in a joint cybersecurity advisory (CSA).

The CSA contains a detailed overview of Democratic People’s Republic of Korea (DPRK) state-sponsored ransomware tactics and expands upon a July 2022 CSA regarding Maui ransomware, which has been used by DPRK cyber actors. Also in July, the US Department of Justice (DOJ) seized $500,000 from North Korean-backed Maui ransomware actors, who committed multiple healthcare cyberattacks.

“The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments—specific targets include Department of Defense Information Networks and Defense Industrial Base member networks,” the latest CSA stated.

The advisory shed light on a variety of tactics, techniques, and procedures (TTPs) used by DPRK actors. These threat actors are known to obfuscate their identities by operating under third-party foreign affiliate identities, purchase VPNs or foreign IP addresses, and use known vulnerabilities to gain network access.

The threat actors may also employ various ransomware tools, such as Maui and H0lyGh0st, and demand ransoms in the form of bitcoin.

The authoring entities urged healthcare organizations to encrypt connections with IoT medical devices and EHR systems, implement the principle of least privilege, and turn off weak or unnecessary network device management interfaces.

Healthcare organizations should also consider implementing multi-layer network segmentation, using monitoring tools to determine whether IoT devices are behaving erratically, and maintaining reliable backups.