Since these organizations offer critical services, the advisory laid out detection techniques and mitigation measures for avoiding Maui, the North Korean APT that demands hefty ransoms after locking down its healthcare targets.
Targeting Healthcare Providers
Out of all the state-sponsored hacking groups active today, North Korean teams are among the most highly specialized. They leverage a range of open-source tools and develop tailored plans to exploit victims remotely in several ways. Ransomware is one area in which they excel, and Maui is one example. The Maui hacking group is a North Korean state-sponsored team that has been actively targeting healthcare organizations since at least May 2021. This was noted by the FBI, CISA, and the Department of the Treasury today in a joint advisory.

Warning that such attacks will continue, the advisory listed indicators of compromise and the techniques the Maui group uses against target organizations. Once a victim is targeted, the Maui group locks up the healthcare provider’s electronic health records services, imaging services, diagnostics services, intranet services, and so on, rendering the whole infrastructure unusable for a period of time. Holding the data and systems hostage for a prolonged period pressures the victimized healthcare management into paying the ransom as quickly as possible, given the sensitive services they provide to the public.

Even so, the agencies discourage healthcare organizations from paying the ransom, since payment does not guarantee that the threat actors will hand over the decryption keys, and they may extort the organization again later. To avoid all of this, the advisory sets out mitigation measures to follow in order to stay secure. These include regularly installing software updates, maintaining offline data backups, and having a basic cyber incident response plan ready for when an unexpected event occurs.