Symantec discovers that Orangeworm is specialized in targeting healthcare sector, at least since 2015
There is an hacker group called Orangeworm, specialized in targeting the healthcare since 2015. It has been discovered by cybersecurity experts of Symantec. They have launched cyber-attacks on the industry in Usa, Asia and Europe. 40% of their aggressions focus on the industries sector. Other targets are either closely related to healthcare or part of the supply chain. Including IT, manufacturing, logistics and agriculture. It is likely that the aim is to gain access to their customers’ environments. The group’s exact motives are unclear. However, it is likely that they are interested in obtaining personal or proprietary information, possibly for identity theft, extortion or corporate cyber espionage.
The malicious hackers exploit the older systems and platforms to spread malware Trojan
The Orangeworm hackers launch cyber-attacks to gain access to the target environment. Then they deploy a custom malware trojan, allowing cyber aggressors to remotely access the compromised device. The malware collects information about the computer to determine if it may be of interest. Finally, it copies itself to other systems with open network shares and repeats the same operation. The trojan uses an older propagation method that mainly works on older operating systems. And the health sector, apart form few cases (especially in research and development), is known to use legacy systems on older platforms.
The healthcare sector is increasingly hit by cybercrime hackers or groups of cyber spies
The healthcare sector is increasingly hit by cybercrime hackers or groups of cyber spies. This is demonstrated by the latest cyber-attacks in the world. The goals are to make easy profits with blackmail or extortions (ransomware) or with the sale and trade of corporate secrets. Usually, however, the attackers are groups that are dedicated to a wide range of cyber crimes, of which the aggressions on companies and health institutions are only a part. Orangeworm, on the other hand, is specialized only in this. And, according to cybersecurity experts, we must expect that it will soon strike again.