North Korea is allegedly responsible for a recent wave of ransomware attacks against hospitals and other healthcare facilities, the U.S. government declared on Wednesday.
The United States has long claimed that North Korea employs hackers to gather money for state objectives like the development of nuclear weapons.
The recent warning from the U.S. is the most unambiguous indication that the government believes North Korea has shifted to shutting off critical American services as a new method of funding its government.
The FBI, Treasury Department, and Cybersecurity and Infrastructure Security Agency jointly warned that since May 2021, North Korean hackers have allegedly been employing a ransomware strain known as Maui to infiltrate American hospitals.
“North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services — including electronic health records services, diagnostics services, imaging services, and intranet services,” the government agencies said.
An email seeking comment from the North Korean mission at the UN was not immediately answered.
In recent years, ransomware, a lucrative criminal industry in which hackers encrypt a victim’s computer networks and demand a key to decrypt them, has grown in popularity. According to an estimate from cybersecurity firm Chainalysis, hackers made at least $731 million from the method last year.
Little is known about North Korea’s Maui ransomware victims. Unlike many other ransomware organizations, Maui operators do not maintain a public website where they can humiliate victims to get them to pay.
According to Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future, “about a dozen” clinics, hospitals, and urgent care centers have fallen victim to Maui. However, the analyst was unable to identify them publicly.
The operators of Maui appear to employ the same strategies as most of the significant criminal ransomware organizations, Liska said. They are frequently from Russia and Eastern Europe, and there is alleged evidence that their nations’ governments have given these criminals implicit support.
According to John Hultquist, vice president of intelligence analysis at the cybersecurity company Mandiant, most North Korean hacking operations act under direct supervision.
“They’re essentially trying to raise money. They’re funding the regime. That’s their job,” Hultquist said.
Western governments and experts in cybersecurity have claimed that North Korea was responsible for several high-profile hacks that cost considerable sums of money in recent years.
The Treasury Department reported that North Korean hackers stole $600 million in an attack earlier this year on the game Axie Infinity, and researchers reportedly discovered that a significant North Korean hacking unit stole nearly $400 million in cryptocurrencies last year.
On December 19, 2017, the White House officially blamed North Korea for the WannaCry ransomware attack the previous May that shut down over 300,000 computers in 150 countries, particularly affecting the UK’s health sector.
“Unfortunately, ransomware actors have recognized the value of targeting health care because they pay out,” Hultquist said on Wednesday.
Deputy UN Ambassador Kim In Ryong had called it “ridiculous” to link North Korea to the attack. Pyongyang has yet to respond to the latest allegations.
