Feds Disrupt N Korea Hackers in New Cyber Security Crackdown
Cyber attacks are “becoming more aggressive, more sophisticated, more belligerent and brazen” as the line between criminal and state-sponsored activities gets increasingly blurred, warned Deputy Attorney General Lisa O. Monaco in a keynote address.
In a keynote address to the International Conference on Cyber Security (ICCS), Monaco said the Department of Justice (DOJ) was prioritizing prevention, increased victim aid, and an emphasis on cohesion between the DOJ and its partners in the U.S. and “around the globe, across the government and across the private sector.”
According to Monaco, the tougher new strategy has disrupted the activities of a North Korean state-sponsored group deploying ransomware known as “Maui,” which targeted U.S. medical facilities and other public health sector organizations.
In the attack, North Korean state-sponsored cyber actors encrypted a Kansas hospital’s servers, demanding ransom, and threatening to double it within 48 hours.
The hospital’s leadership paid the ransom, but also notified the FBI, which, alongside prosecutors with the DOJ, identified China-based money launderers, the type who regularly assist North Koreans in “cashing out” ransom payments into fiat currency.
“We seized approximately half a million dollars in ransom payments and cryptocurrency used to launder those payments… [including] all the ransom paid by the Kansas medical center, plus what we believe are ransoms paid by other victims,” said Monaco.
The operation was reported in a Comprehensive Cyber Review over the last year, and is contained in the final report of its findings and recommendations released this week.
Monaco emphasized that it was the hospital’s decision to report the attack to the FBI that led to the identification of a previously unidentified ransomware strain, the recovery of ransoms paid by previously unknown victims, and the eventual release of a cybersecurity advisory to empower network defenders everywhere with an approach that attacks malicious cyber activity from every angle.
“Like our approach to terrorism, we must be intelligence-led, threat-driven and laser-focused on preventing the next victim of malicious cyber activity,” said Monaco.
According to the Washington Examiner, the new report also detailed how “techniques developed by nation-state actors can subsequently be used by criminal actors for their own purposes” and pointed to Microsoft’s 2021 announcement about “nation-state cyber intrusions” by a hacker group the company dubbed Hafnium, which DOJ deemed a “state-sponsored threat.”
Microsoft said the hacks of its Exchange Server were sponsored by the government of China, and the U.S. attributed the activity to the Chinese Ministry of State Security last year.
The DOJ report also argued the department is “uniquely positioned to confront the challenge of foreign malign influence” and warned that “foreign malign influence actors seek to leverage the anonymity of the internet to more effectively carry out their campaigns.”
Hackers often “moonlighted” by engaging in cybercrimes which both benefited them personally and sought to advance the “strategic interests” of their home country.
“The bottom line is this: we are all in this together. It is bad for companies and bad for America if we don’t work together on these issues,” said Monaco.