Suspected Nork digital intruders caught breaking into US healthcare, education orgs
theregister.co.uk
Digital intruders with possible links to North Korea have been infecting US education and healthcare sectors with a never-before-seen backdoor since at least December, according to security researchers.
"We observed that the attacker had infected several educational institutions, including a university that is connected to several other institutions, indicating a potential wider attack surface," Cisco Talos researcher Chetan Raghuprasad told The Register. "Additionally, one of the affected entities was a healthcare facility, specifically for elderly care.
"Based on the nature of the victimology in the current intrusions, the actor likely has a motive for financial gain," Raghuprasad added.
Talos spotted the ongoing campaign, attributed to a group it tracks as UAT-10027, and says "with low confidence" that it's a North Korean crew based on similarities to Lazarus Group and other Pyongyang-backed gangs.
The attackers likely gain initial access via social engineering and phishing, we're told, and the multi-stage ...
Copyright of this story solely belongs to theregister.co.uk.

