Kwampirs threat actor continues to breach transnational healthcare organizations


The Kwampirs (aka Orangeworm) attack group continues to target global healthcare entities in this time of crisis, the FBI has warned.



“Targeted entities range from major transnational healthcare companies to local hospital organizations,” the Bureau noted.


“The FBI assesses Kwampirs actors gained access to a large number of global hospitals through vendor software supply chain and hardware products. Infected software supply chain vendors included products used to manage industrial control system (ICS) assets in hospitals.”




This is the third FBI private industry notification since the beginning of the year about the group’s activities and the modular Kwampirs RAT it uses.


According to the alert:


The attack group first establishes a broad and persistent presence on the targeted network and then delivers and executes the Kwampirs RAT and other malicious payloads.
Kwampirs actors have successfully gained and sustained persistent presence on victim networks for a time period ranging from three to 36 months.
The Kwampirs RAT is modular and, depending on the target, different modules are dropped. But it seems that the threat actors' main goal is cyber espionage.
Significant intrusion vectors include: lateral movement between company networks during mergers and acquisitions; malware being passed between entities through shared resources and internet facing resources during the software co-development process; and software supply chain vendors installing infected devices on the customer/corporate LAN or customer/corporate cloud infrastructure.

“Kwampirs campaign actors have targeted companies in the imaging industry, to include networked scanner and copier-type devices, with domain access to customer networks. The FBI assesses these imaging vendors are targeted to ..
