U.S. Healthcare Orgs Targeted with Maui Ransomware
State-sponsored actors are deploying the unique malware--which targets specific files and leaves no ransomware note--in ongoing attacks.
Nation State reporting covers malware, threat actors, infrastructure, reported incidents, disruption efforts, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Nation-state activity is cyber activity conducted, directed, or supported by a government, including espionage, disruption, or theft of sensitive information. The label can also cover suspected government-linked actors; attribution is often uncertain and may reflect intelligence assessment rather than publicly proven control.
For practitioners, reporting under this tag can indicate risks to government, critical-infrastructure, research, or strategic commercial networks, particularly through exposed systems, stolen credentials, or exploitation of unpatched vulnerabilities. Useful responses include prioritizing vulnerability remediation on internet-facing assets, enforcing strong authentication, limiting access to sensitive systems, and retaining logs that support investigation. Threat intelligence can help assess whether observed infrastructure or malware resembles activity associated with a state, but defensive decisions should rely on the technical evidence and the affected organization’s risk, not attribution alone.
State-sponsored actors are deploying the unique malware--which targets specific files and leaves no ransomware note--in ongoing attacks.
In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021
CISA, FBI, US Treasury warn Kim Jong-un's latest malware has hit healthcare orgs For the past year, state-sponsored hackers operating on behalf of North Korea have been using ransomware called Maui to attack healthcare organizations, US cybersecurity authorities said on Wednesday.…
Apple's new Lockdown Mode protects devices targeted by sophisticated state-sponsored mercenary spyware attacks.