Microsoft links Holy Ghost ransomware operation to North Korean hackers TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. Microsoft links Holy Ghost ransomware operation to North Korean hackers By Sead Fadilpašić published 15 July 2022 They're not state-sponsored, but are linked to the government (Image credit: Future) Audio player loading… Holy Ghost, a lesser-known ransomware (opens in new tab) operator, is most likely being managed by North Korean hackers, Microsoft has said. The company's Threat Intelligence Center (MSTIC) has been tracking the malware (opens in new tab) variant for more than a year now, and has found multiple evidence pointing to North Koreans being behind the operation. Although the group seems to be linked to the country's government, it appears as if it's not on payroll, but rather a financially motivated group that sometimes co-operates with the government. Typical MO MSTIC says the group has operated for quite some time now, but failed to become as big or as popular as other major players, such as BlackCat, REvil, or others. It has the same modus operandi: find a flaw in the target's systems (Microsoft spotted the group abusing CVE-2022-26352), move laterally across the network, mapping all of the endpoints, exfiltrate sensitive data, deploy ransomware (earlier, the group used SiennaPurple variant, later switched to an upgraded SiennaBlue version), and then demand a ransom payment in exchange for the decryption key and a promise that the data won't be leaked/sold on the black market. The group would usually target banks, schools, manufacturing organizations, and event management firms. Read more> Lazarus hackers are using malicious cryptocurrency apps, FBI warns (opens in new tab) > FBI says North Korean Lazarus group was behind huge crypto theft (opens in new tab) > These are the best ID theft protection services today (opens in new tab) As for payment, the group would demand anywhere between 1.2 and 5 bitcoins, which is approximately $30,000 - $100,000, at today's prices. However, even though these demands are relatively small, compared to other ransomware operators, Holy Ghost was still willing to negotiate and reduce the price even further, sometimes getting just a third of what it initially asked for. Even though the things like attack frequency, or choice of target, made researchers think Holy Ghost is not a state-sponsored actor, there are some connections to the government. Microsoft found the group communicating with the Lazarus Group, which is a known state-sponsored actor. What's more, both groups were "operating from the same infrastructure set, and even using custom malware controllers with similar names." These are the best firewalls (opens in new tab) right now Via: BleepingComputer (opens in new tab) Sead Fadilpašić Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1You may not have to sell a body part to afford the Nvidia RTX 4090 after all2One of the world's most popular programming languages is coming to Linux3The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me4Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie5Google Pixel Tablet is what Apple should've done ages ago1Best laptops for designers and coders 2The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me3Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie4iPhone 15 tipped to come with an upgraded 5G chip5Google Pixel Tablet is what Apple should've done ages ago Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)