North Korea's Methods of Stealing Money Through Ransomware Attacks

2023-02-10 KRNCSC North Korea’s methods for stealing money through ransomware attacks

https://www.ncsc.go.kr:4018/main/cop/bbs/selectBoardArticle.do?bbsId=SecurityAdvice_main&nttId=20772&pageIndex=1#LINK

Attachments

北_랜섬웨어_관련_韓美_합동_사이버보안_권고.pdf (311 KB)

The South Korea-U.S. joint advisory details North Korean ransomware operations against healthcare, public-health, and other critical-infrastructure organizations, updating prior reporting on Maui and related activity. It describes operators obtaining infrastructure, personas, VPNs, VPSs, and third-country IP addresses to obscure attribution, then exploiting public-facing vulnerabilities such as Log4Shell and SonicWall flaws for access. The advisory highlights staged malware for reconnaissance and file transfer, possible trojanized X-Popup distribution through xpopup.pe.kr and xpopup.com, and use of ransomware families including Maui, H0lyGh0st, BitLocker, ech0raix, GonnaCry, Deadbolt, Ryuk, Hidden Tear, Jigsaw, My Little Ransomware, NxRansomware, and YourRansom. It also lists ransom-payment behavior through Proton Mail and Bitcoin wallets, warning that proceeds may fund DPRK priorities and create sanctions risk for victims.
