It’s the latest indication that state-sponsored hackers from countries like North Korea and Iran are willing to spread ransomware against the health sector — a tactic often associated with non-state cybercriminals.
The fall of 2020 saw a wave of ransomware attacks on US hospitals from Russian-speaking cybercriminals, including one ransomware incident in October 2020 that forced the University of Vermont to delay chemotherapy appointments.
In its warning on Wednesday, US agencies on Wednesday did not mention which organizations are the victims of alleged North Korean hackers.
Errol Weiss, the group’s chief security officer, said the Health Information Exchange and Analysis Center, a group that shares cyber threats to major healthcare providers around the world, has not identified any of its members as victims.
“I would imagine the victims were smaller organizations and not prepared to deal with a ransomware attack,” Weiss told CNN.
“Among its peers, North Korea is unique in its deep and effective involvement in cybercrime,” said John Holtquist, vice president of intelligence analysis at cybersecurity firm Mandiant. “Unlike other countries that may contract and negotiate with local criminals, North Korea is carrying out cybercrime directly, against targets around the world.”