Joint Cybersecurity Advisory on the DPRK Cyber Actors’ Threat to Critical Infrastructure

Alvaro Marañon
Wednesday, July 6, 2022, 3:56 PM

The joint advisory warns of North Korean state-sponsored cyber actors using ransomware to target the U.S. healthcare and public health sector. 

Published by The Lawfare Institute

On July 6, the Cybersecurity and Infrastructure Security Agency (CISA), Department of Treasury, and the FBI released a joint cybersecurity advisory on the Maui ransomware that “has been used by North Korean state-sponsored cyber actors since at least May 2021 to target” the healthcare and public health sector. 

The advisory urges organizations to apply a series of mitigations and provides an overview of additional recommendations to “prepare for, mitigate/prevent, and respond to ransomware incidents.” The advisory notes that the FBI has observed and monitored the ransomware strain since May 2021, describing how the cyber actors used the ransomware to “encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services.” Interestingly, another threat report on the Maui ransomware noted that it lacks several features commonly seen with other ransomware-as-a-service providers, such as a ransom note with recovery instructions, possibly indicating that the strain is manually operated.

You can read the joint cybersecurity advisory here or below.


Alvaro Marañon is a former fellow in Cybersecurity Law at Lawfare. Alvaro is a graduate of the American University Washington College of Law and the University of New Hampshire.
