Microsoft has connected state-sponsored actors being tracked as DEV-0530 to a threat that surfaced in June 2021 and targets small to mid-sized organizations.
A new ransomware threat that has already infected a number of small-to-midsized enterprises has been traced by Microsoft researchers to financially motivated North Korean state-sponsored criminals who have been active since last year. Since June 2021, a group that goes by the name H0lyGh0st and is being monitored by researchers at the Microsoft Threat Intelligence Center (MSTIC) as DEV-0530 has been creating and employing ransomware in attacks.
According to the researchers, the group communicates with victims through a .onion website that it maintains, which offers a contact form for victims to use. They also reported that H0lyGh0st has been observed using only PLUTONIUM-made tools