Maui Ransomware

#Maui • 2022-07

🇺🇸 United States, 🇯🇵 Japan

North Korean state-sponsored actors, with later reporting linking a 2021 case to Andariel, used Maui ransomware in a manually operated encryption campaign affecting healthcare and other financially viable organizations in the United States and Japan. The malware encrypted selected servers and files through command-line execution, used AES/RSA/XOR routines with local key and log artifacts, and caused disruption to healthcare services including electronic health records, diagnostics, imaging, and intranet systems.

Related Actors

Related Reports

2025-01-24
Nurilab
#Maui
2024-07-25
USJustice
#Andariel #Maui #MoneyLaundering #ArkansasHealthcare #CaliforniaDefense #ChineseEnergy #ColoradoMedical #ConnecticutHealthcare #FloridaHospital #KansasHospital #MassachusettsDefense #MichiganDefense #NASA #OregonDefense #RandolphAirForce #RobinsAirForce #SouthKoreanManufacturing #TaiwaneseDefense
2024-07-25
Mandiant
#Maui #KKNPP #APT45 #SHATTEREDGLASS
2023-03-07
UN
#Trend #Sanctions #Maui #H0lyGh0st #Harmony #AxieInfinity
2023-02-10
KRNCSC
#Ransomware #Maui #H0lyGh0st
2023-02-10
Ahnlab
#Ransomware #Maui #H0lyGh0st
2023-02-09
USCISA
#Ransomware #Maui #H0lyGh0st #T1083 #T1583.003 #T1195 #T1486 #T1133 #T1190 #T1583 #T1021
2022-08-09
Kaspersky
#Andariel #Maui #DTrack
2022-07-27
Avertium
#Ransomware #Maui
2022-07-06
USCISA
#Ransomware #Maui #T1486 #T1059.008
2022-07-06
Stairwell
#Ransomware #Maui
« Back