North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

2022-07-06, USCISA
https://www.cisa.gov/uscert/ncas/alerts/aa22-187a
#Ransomware #Maui

Contents

Summary
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.
This joint CSA provides information—including tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs)—on Maui ransomware obtained from FBI incident response activities and industry analysis of a Maui sample. The FBI, CISA, and Treasury urge HPH Sector organizations as well as other critical infrastructure organizations to apply the recommendations in the Mitigations section of this CSA to reduce the likelihood of compromise from ransomware operations. Victims of Maui ransomware should report the incident to their local FBI field office …

IoC
