North Korean Hacking Group H0lyGh0st Has Been Targeting Small Businesses for Nearly a Year

Powerful Mantis botnet has targeted nearly 1,000 Cloudflare customers, Illicit addresses account for nearly a quarter of funds sent to mixers, Lawmakers seek to curb VPN abuses, much more

Check out my latest CSO column, which delves into the details of the Cyber Safety Review Board’s first report focusing on the log4j vulnerability.

Photo by Micha Brändli on Unsplash

Researchers at Microsoft Threat Intelligence Center (MTIC) say that an emerging threat cluster that calls itself H0lyGh0st, tracked by Microsoft as DEV-0530, has connections to a North Korean-based group known as Plutonium and has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021.

Targeted entities primarily include small-to-midsize businesses such as manufacturing organizations, banks, schools, and event and meeting planning companies. "The group's standard methodology is to encrypt all files on the target device and use the file extension .h0lyenc, send the victim a sample of the files as proof, and then demand payment in Bitcoin in exchange for restoring access to the files,” MTIC says.

Ransom amounts demanded by DEV-0530 range between 1.2 and 5 b…