© Elnur Amiskishiyev, 123RF.com

News for Admins

Tech News

Article from ADMIN 45/2018
Meltdown and Spectre revisit Intel, AMD, and ARM processors; Orangeworm, a new hacking group, targets the healthcare industry; Docker EE 2.0 announced; remote code execution vulnerability found in Cisco

Orangeworm, a New Hacking Group Targeting Healthcare Industry

Security researchers at Symantec have discovered a hacker group that is attacking the healthcare industry. Dubbed Orangeworm, the group has been installing a backdoor called Trojan.Kwampirs on machines that are used to control medical equipment like X-ray and MRI systems. Orangeworm also seems interested in machines that are used to help patients fill out consent forms for required procedures.

Trojan.Kwampirs opens a backdoor for remote access to the compromised system and starts collecting information about the computer. Symantec believes that Orangeworm probably uses this information to determine whether a researcher or a high-value target uses the system. If Orangeworm finds that the victim is a person of interest, it moves in to infect other computers on the network. Trojan.Kwampirs creates a service to ensure persistence, so that the main payload is loaded into memory when the system reboots.

"When executed, Kwampirs decrypts and extracts a copy of its main DLL payload from its resource section. Before writing the payload to disk, it inserts a randomly generated string into the middle of the decrypted payload in an attempt to evade hash-based detections," explained Symantec's Security Response Attack Investigation Team in a blog post.
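The random insertion described in the quote changes a whole-file hash but leaves most of the file's content intact, which is what chunk-based (fuzzy) matching relies on. The following added example is not from Symantec or the article; it uses constructed random bytes as a stand-in for a payload, and the chunking parameters and function names are assumptions.

```python
import hashlib
import random

WINDOW = 16   # bytes of preceding content that decide a chunk boundary (assumed value)
MASK = 0x3F   # boundary when the low 6 bits are zero: about 64-byte chunks (assumed value)


def chunk_digests(data: bytes) -> set:
    """Cut data where the preceding WINDOW bytes hash to a trigger value and
    return the SHA-256 of every chunk. Boundaries depend only on local
    content, so they realign after bytes are inserted earlier in the file."""
    digests, start = set(), 0
    for i in range(WINDOW, len(data)):
        # Recomputed per position for clarity; production tools use a rolling hash.
        h = hashlib.blake2b(data[i - WINDOW:i], digest_size=4).digest()
        if int.from_bytes(h, "big") & MASK == 0:
            digests.add(hashlib.sha256(data[start:i]).hexdigest())
            start = i
    digests.add(hashlib.sha256(data[start:]).hexdigest())
    return digests


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two files' chunk-digest sets (0.0 to 1.0)."""
    da, db = chunk_digests(a), chunk_digests(b)
    return len(da & db) / len(da | db)


def make_samples():
    """Constructed test data: random bytes stand in for a known payload."""
    rng = random.Random(45)
    known = bytes(rng.randrange(256) for _ in range(4096))
    filler = bytes(rng.randrange(256) for _ in range(32))
    mid = len(known) // 2
    variant = known[:mid] + filler + known[mid:]   # the mutation the quote describes
    unrelated = bytes(rng.randrange(256) for _ in range(4096))
    return known, variant, unrelated


if __name__ == "__main__":
    known, variant, unrelated = make_samples()
    same_hash = hashlib.sha256(known).digest() == hashlib.sha256(variant).digest()
    print("whole-file SHA-256 match:", same_hash)
    print("chunk similarity, known vs variant:  ", round(similarity(known, variant), 2))
    print("chunk similarity, known vs unrelated:", round(similarity(known, unrelated), 2))
```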

The healthcare industry is not the sole target of Orangeworm. According to Symantec, the group is also targeting manufacturing, IT, agriculture, and logistics companies. The company notes, "While these industries may appear to be unrelated, we found them to have multiple links to healthcare, such as large manufacturers that produce medical imaging devices sold directly into healthcare firms, IT organizations that provide support services to medical clinics, and logistical organizations that deliver healthcare products."

The US tops the charts of
