US ‘Disrupted’ North Korean Hackers Who Breached Health Sector

(Bloomberg) — Federal investigators “disrupted” a North Korean state-sponsored hacking group that targeted US medical facilities and other health organizations, a top Justice Department official said Tuesday.

The attacks included the targeting of a medical center in Kansas last year, Deputy Attorney General Lisa Monaco said, disabling the hospital’s systems that store important data and run key equipment. Monaco said the government’s investigation led to a public warning, with the Department of Homeland Security, about “Maui” ransomware targeting the health sector.

“The hospital’s leadership faced an impossible choice: Give in to the ransom demand, or cripple the ability of the doctors and nurses to provide critical care,” Monaco said at the International Conference on Cyber Security at Fordham University in New York. 

The Biden administration has increasingly warned of cyber threats from countries, including Russia, and has urged the private sector to do more to harden its security. The Cybersecurity and Infrastructure Security Agency, for instance, has widely published tips it said could help deter and mitigate potentially disruptive attacks.

Through the investigation into the ransomware attacks on medical centers, the FBI identified China-based money launderers — who Monaco said “regularly assist the North Koreans in ‘cashing out’ ransom payments” — and seized about $500,000 in payments and cryptocurrency, including all the funds paid by the Kansas medical center.

“Today, we have unsealed the seizure warrant and initiated proceedings to return the stolen funds to the victims,” Monaco said. She declined to name the Kansas facility.

The Justice Department has also brought charges against major cybercriminals who allegedly conducted major hacks against critical infrastructure. In March, a federal grand jury indicted four Russian nationals it said committed cyberattacks against hundreds of companies in the energy sector worldwide, including a nuclear power facility in Kansas.

US officials have also pushed for more disclosure from critical infrastructure operators, such as a new law that requires certain firms to report hacks to the Department of Homeland Security within 72 hours — and within 24 hours if they make a ransomware payment. The FBI last year estimated it had visibility into only a quarter of cyber incidents.


©2022 Bloomberg L.P.
