Article: First Case of X-Ray Malware Revealed?

Security nightmare as new attack campaign targets healthcare providers – and even high-end medical scanning machines…

 

Researchers have uncovered an unusual campaign seemingly targeted at healthcare providers in the West, but with some intriguing elements.

The attack group have been dubbed Orangeworm, and are clearly targeting the healthcare sector – more than 40 per cent of their confirmed victims are in the healthcare industry. The group's modus operandi isn't that unusual in itself: an initial infiltration of the target is followed by deployment of a Trojan backdoor, Trojan.Kwampirs, which evades hash-based detection by inserting a randomly generated string into the middle of the decrypted payload before writing it to disk.
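
Why a file-hash IoC misses every dropped copy, and one way a defender holding a single reference sample could still match files that differ from it only by one spliced-in run of bytes. This is an added example, not code from the article or the researchers; the sample bytes are constructed, and the function names, the 16-byte junk length and the 64-byte insert limit are assumptions.

```python
import hashlib
import os

# Constructed stand-in for a decrypted payload (not real malware bytes).
REFERENCE = b"CONSTRUCTED-SAMPLE-" + bytes(range(32, 127)) * 4

def simulate_dropped_copy(payload, junk=None):
    """Model the behaviour described above: splice a random run into the middle."""
    junk = os.urandom(16) if junk is None else junk  # 16 bytes is an assumption
    mid = len(payload) // 2
    return payload[:mid] + junk + payload[mid:]

def common_prefix_len(a, b):
    """Number of leading bytes that a and b share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def match_with_insertion(reference, candidate, max_insert=64):
    """Return (offset, length) of a single inserted run, or None if no match."""
    extra = len(candidate) - len(reference)
    if not 0 <= extra <= max_insert:
        return None
    prefix = common_prefix_len(reference, candidate)
    suffix = common_prefix_len(reference[::-1], candidate[::-1])
    # Every reference byte must be covered by the matching head or tail.
    if prefix + suffix < len(reference):
        return None
    return (len(reference) - suffix, extra)  # earliest offset that fits

def sha256(data):
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    # Each simulated copy hashes differently, yet all match the reference.
    for copy in (simulate_dropped_copy(REFERENCE) for _ in range(3)):
        print(sha256(copy)[:16], match_with_insertion(REFERENCE, copy))
```

The same idea underlies content-based signatures: match on the bytes that stay constant around the inserted region instead of on a whole-file hash.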

The Trojan has been found deeply embedded in compromised healthcare networks, including on high-tech imaging devices such as X-ray and MRI machines. According to the researchers, though, the aim is not to attack these machines or steal their data, but to conduct corporate espionage on the devices themselves. Worryingly, the malware is also interested in machines used to assist patients in completing consent forms for required procedures.

A full list of Orangeworm IOCs can be found here.

Full Article: https://www.htbridge.com/blog/first-case-of-x-ray-malware-revealed.html