At a glance.
- US, RoK agencies outline DPRK ransomware threat.
- Reddit breached.
- Flaws found in IIoT devices.
- Romance scams rise as Valentine's Day approaches.
- CISA releases six ICS advisories.
- Starlink's revised support for Ukraine.
US, RoK agencies outline DPRK ransomware threat.
DPRK state-affiliated actors have been observed targeting the healthcare and critical infrastructure sectors with Maui and H0lyGh0st ransomware as a means to extort money to further fund North Korea’s “national priorities,” including cyberespionage, SC Magazine wrote yesterday. The US Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, National Security Agency, Department of Health and Human Services, the Republic of Korea (ROK) National Intelligence Service, and the ROK Defense Security Agency released a joint advisory yesterday discussing the tactics, techniques, and procedures (TTPs) of DPRK threat actors who use ransomware attacks to target both nations’ healthcare and critical infrastructure industries. The advisory also suggests mitigations for victim organizations. NSA wrote that once the identity and location of the scammers are sufficiently hidden, the attackers will move to exploiting common vulnerabilities and exposures (CVEs) to take over a victim network and deploy ransomware. The vulnerabilities most exploited by these malicious actors are the “Apache Log4j software library (also known as "Log4Shell") and remote code execution in various SonicWall appliances.” For more on Pyongyang's policy of ransomware, see CyberWire Pro.