Financial Crime World

Joint Cybersecurity Advisory Warns of Increasing Ransomware Threat from North Korean Actors

Introduction

A joint cybersecurity advisory has been released by the National Security Agency (NSA), several South Korean government agencies, and other organizations to alert the public about the growing threat of ransomware attacks from Democratic People’s Republic of Korea (DPRK) cyber actors.

Increasing Use of Cryptocurrency for Ransomware Attacks

According to the advisory, DPRK cyber actors have been using cryptocurrency generated through illicit cybercrime activities to procure infrastructure such as IP addresses and domains. This allows them to conceal their affiliation and exploit common vulnerabilities and exposures (CVEs) in targeted networks to gain access and escalate privileges.

Recently Observed CVEs

The advisory highlights two recently observed CVEs that have been exploited by DPRK cyber actors:

  • Remote code execution in Apache Log4j software library (Log4Shell)
  • Remote code execution in various SonicWall appliances

Tactics, Techniques, and Procedures (TTPs)

The report shares recently observed TTPs used by DPRK cyber actors in ransomware attacks against critical infrastructure entities and organizations, including:

  • The Healthcare and Public Health Sector
  • The Department of Defense and Defense Industrial Base

Mitigations and Recommendations

To protect against the ransomware threat, all critical infrastructure entities and organizations are urged to apply the mitigations listed in the advisory. These include:

  • Applying patches and updates for affected software and systems
  • Disabling unnecessary services to reduce attack surfaces
  • Implementing strong authentication and access controls
  • Monitoring networks and systems for suspicious activity

Joint Effort Against Ransomware

The advisory is part of the #StopRansomware effort, a joint initiative by several organizations to counter the ongoing ransomware threat. The report updates the joint CISA, FBI, and U.S. Department of Treasury Cybersecurity Advisory released in July.

Availability

The advisory has been issued jointly by the NSA, the Federal Bureau of Investigation (FBI), the U.S. Department of Health and Human Services (HHS), and South Korea’s National Intelligence Service (NIS) and Defense Security Agency (DSA). The report is available online at [insert link].