The first-ever incident possibly linked to the ransomware family known as Maui occurred on April 15, 2021, and targeted an unnamed Japanese housing company.
Kaspersky’s disclosure comes a month after US cybersecurity and intelligence agencies issued an advisory about the use of a strain of ransomware by North Korean government-backed hackers to attack the healthcare sector since at least May 2021.
Much of what is known about its modus operandi comes from incident response activities and industry analysis of a Maui sample, which revealed the absence of “several key features” typically associated with ransomware-as-a-service (RaaS) operations.
While these attacks have been attributed to North Korean advanced persistent threat groups, the Russian cybersecurity firm has linked the activity with low to medium confidence to a Lazarus subgroup known as Andariel, also tracked as Operation Troy, Silent Chollima, and Stonefly.
Dtrack, also known as Valefor and Preft, is a remote access trojan used by the Stonefly group in their espionage attacks to steal sensitive information.
It is also worth noting that the backdoor, alongside 3proxy, was deployed by the threat actor against an engineering firm that works in the energy and military sectors in February 2022 by exploiting the Log4Shell vulnerability.
Moreover, Kaspersky reported that the Dtrack sample employed in the Japanese Maui incident was also utilized to breach a number of victims in India, Vietnam, and Russia from December 2021 to February 2021.