North Korean state-sponsored cyber actors target Healthcare and Public Health Sector with Maui ransomware

OMES Cyber Command encourages organizations to read a joint Cybersecurity Advisory (CSA) from Cybersecurity & Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of the Treasury (Treasury), North Korean state-sponsored cyber actors use Maui ransomware to target the Healthcare and Public Health Sector. It provides information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. 

CISA, FBI and Treasury urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

• Train users to recognize and report phishing attempts.
• Enable and enforce multifactor authentication.
• Install and regularly update antivirus and antimalware software on all hosts.

The article explains Maui ransomware tactics, techniques, and procedures, indicators of compromise, and recommended mitigations. Additionally, utilize StopRansomware.gov for more guidance on ransomware protection, detection, and response.

For more information on state-sponsored North Korean malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage.