Friday, December 8, 2023

North Korean and Chinese Hackers Attacking Healthcare Industries

Healthcare has been one of the primary industries targeted by threat actors as part of every malware or ransomware campaign. Many Advanced Persistent Threat (APT) actors are from China due to political reasons between China and the United States.

These threat actors run their cybercriminal groups like organizations in which they recruit, track revenues, and form partnerships. Additionally, there are also cases where large cybercriminal groups act like corporations where there are several departments, staffing, quality control, etc.

Moreover, these threat actors evolve their capabilities and rely on black markets to bring in a new range of features and threat vectors.


Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

An Overview of Cyber Criminals

As per the reports shared with Cyber Security News, threat actors who have more notoriety have been analyzed and gathered information about their types of operation, operational revenue, residing members and their nativity, and much more.

GozNym Network

GozNym was a threat group that had stolen over $100 million, with its members residing in  Russia, Georgia, Ukraine, Moldova, and Bulgaria. This threat actor ran a Cybercrime-as-a-service operation offering Bulletproof hosting, money laundering, spamming, and encrypting tools. However, this threat group was busted in 2019.

China (APT41)

China has been known to be powerful in the cyber industry. China also has a five-year plan (2021-2025) that targets clinical medicine, genetics, biotechnology, neuroscience, and general healthcare research and development.

If each one of the FBI’s cyber agents and intel analysts focused exclusively on the China threat, Chinese hackers would still outnumber FBI cyber personnel by at least 50 to 1.” said the FBI Director, Christopher Wray.

APT41 is also known as the wicket-panda or double dragon and has been active since 2012. This threat actor uses Supply-chain attacks and Bootkit operations for their criminal activity. Moreover, this threat actor has been known to target the U.S. health sector and organizations specifically.

North Korea (APT43 & LAZARUS)

Most countries, including Japan, Australia, the United States, and the European Union, have sanctioned North Korea. In addition, the UN has banned the trade of arms and military equipment, dual-use technologies, and others. 

However, North Korea has conducted cyberattacks even as part of retaliation for the insult against its leader Kim-Jong Un, which was the Sony cyberattack in 2014. Sony showed a bad portrayal of their leader in the movie The Interview.

APT43 is known as Kimsuky, Velvet Chollima, and Emerald Sleet (THALLIUM) and is known to conduct social engineering attacks and credential harvesting. Another threat actor from North Korea was the Lazarus group, identified as APT38. 

This threat actor has conducted major cyber operations, including Operation Troy, Sony Picture/Operation Blockbuster, GHOSTRAT, Bangladeshi Bank, Wannacry, Various cryptocurrency exchanges/companies, and COVID-19 vaccine data. This threat group was one of the most notorious groups and is known to use the following tools for their operation.

Tools Used

BISTROMATHA multi-functional remote access trojan; part of the HotCroissant malware family
SLICKSHOESAn implant that can transfer files and load and execute files into memory
CROWDEDFLOUNDERRemote Access Trojan capable of receiving and initiating connections
HOTCROISSANTDropper with beaconing, reconnaissance, file transfer, and other capabilities
ARTFULPIEAn implant that can conduct beaconing, file transfers, and execution, as well as Windows command line access, process creation/termination, and system enumeration
BUFFETLINEImplant that can conduct beaconing, file transfers, and execution, as well as Windows command line access, process creation/termination, and system enumeration

The U.S. Department of Health and Human Services has published a complete report. It provides detailed information about these threat actors, their members, activities, FBI tracking, and defense mitigation.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


Latest articles

Exploitation Methods Used by PlugX Malware Revealed by Splunk Research

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid...

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative...

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Endpoint Strategies for 2024 and beyond

Converge and Defend

What's the pulse of Unified Endpoint Management and Security (UEMS) in Europe? Join us live to uncover the strategies that are defining endpoint security in the region.

Related Articles