CISA Advisory AA23-040A

February 9, 2023

DPRK Ransomware Activity

What we know so far

This joint Cybersecurity Advisory (CSA) by multiple U.S. and South Korean agencies aims to raise awareness about ongoing ransomware attacks against Healthcare and Public Health Sector organizations and critical infrastructure entities. It provides an overview of the state-sponsored ransomware activities carried out by the Democratic People's Republic of Korea (DPRK). The CSA highlights the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) used by DPRK cyber actors to infiltrate and target these organizations, along with their use of cryptocurrency for ransom demands. The advisory cautions against paying the attackers, instead providing a recovery script to reverse the effects of the malware.
