Symantec identified a hacker group known as Orangeworm that is breaking into U.S. healthcare organizations' X-Ray, MRI and other medical machines as part of an ongoing corporate espionage operation, according to a Symantec report released April 23.
Here are six things to know.
1. Orangeworm was a previously unknown group that Symantec discovered in 2015. It installs a custom backdoor called Trojan.Kwampirs in the networks of large international corporations in healthcare sector primarily in the U.S. but also in Europe and Asia.
2. According to the report, the known victims include healthcare providers, drugmakers, IT solution providers for healthcare and equipment manufacturers serving the healthcare industry, most likely in pursuit of corporate espionage.
3. Orangeworm's secondary targets include the manufacturing, IT, agriculture and logistics industries.
4. Trojan.Kwampirs is a backdoor Trojan that allows the attackers remote access to the compromised computer. Kwampirs "decrypts and extracts a copy of its main DLL payload from its resource section. Before writing the payload to disk, it inserts a randomly generated string into the middle of the decrypted payload in an attempt to evade hash-based detections," the report states.
5. After hackers have infected a computer with the Kwampirs malware, "the attackers have the ability to extend the malware's functionality by downloading and executing additional modules in memory," Alan Neville, a Symantec researcher, told Forbes. "These modules may be customized to the victim's environment to assist the attackers in performing any desirable action on these devices."
6. Symantec does not believe Orangeworm is a state-sponsored actor but rather thinks it is an individual or a small group of individuals. Symantec noted there are no technical or operational indicators to determine the group's origin.
Click here to read the full report.
More articles on cybersecurity:
In wake of WannaCry, NHS assessed 200 facilities on cybersecurity preparedness — None passed
Illinois health department erroneously mails out names, addresses of 4k people
25% of organizations using a public cloud have had data stolen, survey finds