Kaspersky researchers link Maui ransomware operation to ‘Andariel’ hacking group
Recent reports assert that the Maui ransomware operation has been linked to the North Korean state-sponsored hacking group ‘Andariel’. This threat actor group is known for generating revenue through malicious cyber activities and for causing discord in South Korea.
These state-sponsored North Korean hackers orchestrate campaigns with financial motives. By running their own ransomware operations, they try to achieve their overall strategic goals.
Researchers at Kaspersky made the link between Maui and Andariel. They have attributed it with medium confidence.
In the past, Andariel has been linked to ransomware attacks that targeted South Korean companies in sectors like media, construction, manufacturing and network services.
Andariel has been targeting state, government and army organizations in its operations since around 2015. Andariel was also among the DPRK-backed hacking groups for which the US State Department announced rewards for information about the operators. The rewards stood at $10 million.
Maui ransomware attacks, on the other hand, surfaced in April 2021. The attacks mostly focused on healthcare organizations in the United States.
The FBI and CISA issued warnings earlier about the Maui ransomware. They shared indicators of compromise that pointed to North Korean threat actors.
The latest reports by Kaspersky build on these previous links. The reports present evidence of an earlier Maui attack that targeted a Japanese housing company and of subsequent unattributed attacks in India, Russia and Vietnam.