North Korea-based hacker group ‘HolyGhost’ caught in cyber hacking nexus. The hacker group has been accused of attacking small businesses in numerous countries. It pursued a very distinct yet dramatic pattern of a ransomware attack by leaving a ransom note on the compromised machine after stealing the data. Victims are erratically selected from small to mid-size businesses. Nonetheless, the attackers conceded to negotiate with the victims in exchange for either payout between 1.2 to 5 bitcoins or up to about $10,000 at the current exchange rate.
Given the fact that the accused hackers trace links to North Korea, it doesn’t inevitably means having been monitored by the North Korean government, mainly because of the organization’s arbitrary selection of victims, not selective. Nevertheless, Holy Ghost’s relationship with the North Korean government is evident in communication between email accounts concerning to Holy Ghost and the Andariel, a threat actor part of the Lazarus Group under North Korea’s Reconnaissance General Bureau as researchers at Microsoft Threat Intelligence Center say so.
Holy Ghost’s website is down right now but the attacker used the limited visibility it had to masquerade as an authentic entity endeavouring to help victims enhance their security position. Similarly, they motivate their activities as an accomplishment to “wrap up the between the rich and poor” and to “alleviate the poor and starving people.”
