Ransomware attacks on critical infrastructure conducted by North Korea-linked hacker groups are used by the government of Pyongyang to fund its malicious cyber operations, U.S. and South Korean agencies warn.
US CISA published a Cybersecurity Advisory (CSA) to provide information about the threat actors to network defenders. The joint CSA about ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities is the result of the collaboration between the United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Health and Human Services (HHS), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA) (hereafter referred to as the “authoring agencies”).