Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide.
They’re also known for deploying destructive malware on their victims’ networks during the last stage of their attacks, likely to destroy any traces of their activity.
Christiaan Beek, a lead threat researcher at cybersecurity firm Trellix, said that the group’s operators (part of Unit 180 of North Korea’s cyber-army Bureau 121) have also used the Beaf, PXJ, ZZZZ, and ChiChi ransomware families to extort some of their victims.
Read more…
Source: Bleeping Computer