North Korean hackers linked to Play ransomware attacks


Jumpy Pisces, a North Korean state-sponsored threat actor also known as Onyx Sleet, aka Andariel, has recently shifted its attention to ransomware attacks, experts have warned.

In a recent technical analysis, researchers from Unit 42 said although Jumpy Pisces had previously focused on cyber-espionage and financial crimes, it has in recent times teamed up with the infamous Play Ransomware group (also known as Fiddling Scorpius).

Play emerged in the summer of 2022, and has since then grown into a formidable threat actor - so much so that in December 2023, the FBI warned about this group, claiming it compromised about 300 victims in its first year and a half of its existence.

Initial access brokers

"Since June 2022, the Play (also known as Playcrypt) ransomware group has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe," the agency said at the time. "As of October 2023, the FBI was aware of approximately 300 affected entities allegedly exploited by the ransomware actors."

The role Jumpy Pisces plays in this partnership is not definitively determined, but it’s most likely that it acts as an initial access broker (IAB), opening Play operators doors to different victims.

Unit 42 believes this change is important because it shows that Jumpy Pisces is getting more active in ransomware activities, and is using existing ransomware infrastructure instead of building its own. That makes the attacks more sophisticated, and potentially more widespread.

However, BleepingComputer added that in an average ransomware attack, there are multiple parties involved. Most ransomware variants these days run on an “as-a-service” model, meaning that the developers are not the ones infecting victims, and that the two end up splitting eventual profits. Add an IAB to the mix, and now there are at least three separate threat actors engaged in a single attack.


In any case, companies should be extra vigilant, the researchers conclude, warning that this new teamup might lead to serious ransomware infections.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
