Cybersecurity guidance

NSA Publishes Joint Cybersecurity Guidance About North Korean Ransomware Threat

The National Security Agency, in partnership with other government agencies from the United States and South Korea, has released a joint cybersecurity advisory about a ransomware threat from North Korea.

The advisory contains known tactics, techniques and procedures used by Pyongyang-sponsored cyber actors whenever they target American and South Korean health care systems and other critical infrastructure.

The document also noted that cyber actors spread malicious code through Trojanized X-Popup, an open-source messenger used commonly by employees at small- and medium-sized hospitals in South Korea.

North Korean hackers also demand ransom payments in cryptocurrency and use the money to procure additional resources, the NSA said Thursday.

To prevent future hacks, the authorities are urging health care and public health organizations to implement several mitigation techniques, such as authenticating and encrypting connections to limit data access; implementing the principle of least privilege through the standard user account on internal systems; turning off unnecessary network device management interfaces; and securing the location storage and processing practices for personally identifiable information.

NSA also urged defense contractors to implement the recommendations.

The Cybersecurity and Infrastructure Security Agency, the FBI, the Department of Health and Human Services, South Korea’s National Intelligence Service and its Defense Security Agency joined the NSA in releasing the report.