Healthcare organizations, including providers, pharmaceutical companies, IT solution providers, device manufacturers, equipment makers, and others, appear to be the target of a hacking group called Orangeworm, which seeks to spy on the sector for corporate espionage and to obtain commercial secrets, according to a new report.
Orangeworm, which is not associated with any nation-state actors, works by deploying a custom backdoor called Trojan.Kwampirs, malware that replicates itself to gather more information about the computer and network. According to a new Symantec report, Orangeworm does not attack companies at random—it does so deliberately. The Kwampirs malware has been found on MRI and X-ray machines where it “was observed to have an interest in machines used to assist patients in completing consent forms for required procedures,” the report states.
Symantec says that up to 40 percent of Orangeworm’s victims are in the healthcare industry, which has proved fruitful for other types of hacks and ransomware in the last few years. Other industries targeted by Orangeworm, which was first detected in 2015, include manufacturing, information technology, agriculture, and logistics. Symantec believes that although these industries seem unrelated to healthcare, they were targeted due to their other connections to healthcare.
“The biggest number of Orangeworm’s victims are located in the U.S., accounting for 17 percent of the infection rate by region,” the report states. “While Orangeworm has impacted only a small set of victims in 2016 and 2017 according to Symantec telemetry, we have seen infections in multiple countries due to the nature of the victims operating large international corporations.”