APT trends report Q3 2022
2022-11-01 • Kaspersky
Kaspersky confirmed a 2022 Maui ransomware incident and expanded the known timeline back to April 15, 2021, with targets in Japan and India. The excerpt notes that CISA attributed Maui activity to North Korean state-sponsored actors; Kaspersky found no useful attribution detail in the CISA alert itself, but observed a DTrack variant deployed about 10 hours before Maui on the same system. That overlap supports a low-to-medium-confidence attribution to the Korean-speaking APT Andariel, also known as Silent Chollima or Stonefly. DTrack is described as a backdoor used by a subset of the Lazarus group in both ransomware and espionage activity, and Kaspersky also notes newer packed DTrack samples with limited code changes and additional European victimology, to be analyzed later.