VHD Ransomware Variant Linked to North Korean Cyber Army

Published: 23/11/2024   Category: security


Researchers use code, Bitcoin transactions to link ransomware attacks on banks to DPRK-sponsored actors.



The ransomware strain known as VHD has been traced to North Korean state actor APT38 by a team of researchers using detailed code analysis and following a Bitcoin trail. 
The Democratic People's Republic of Korea (DPRK) has used ransomware for several years to raise money for state coffers, including the February 2016 Bangladesh bank heist in which attackers tried to use the SWIFT banking system to steal almost US$1 billion, explains Trellix researcher Christiaan Beek in a new blog post.
Beek and a team of fellow cybersecurity analysts linked North Korea's cyber army to the VHD ransomware, which they said has been used in ransomware attacks on global financial systems and cryptocurrency exchanges since March 2020. The analysts compared known DPRK code with VHD ransomware and found stark similarities, the post states. The team also reported Bitcoin transactions overlapping between known DPRK-sponsored cybercrime groups.
"We suspect the ransomware families described in this blog are part of more organized attacks," Beek adds. "Based on our research, combined intelligence, and observations of the smaller targeted ransomware attacks, Trellix attributes them to DPRK affiliated hackers with high confidence."
