iTnews

Orangeworm menaces healthcare computers

By Juha Saarinen, iTnews on Apr 24, 2018 10:42AM
Plants Kwampirs backdoors.

Security vendor Symantec believes it has identified a hacking group that is planting remote access software on medical computers in order to steal information.

Dubbed Orangeworm by Symantec, the attackers have conducted supply chain attacks on healthcare providers, pharma companies, IT solution providers and equipment makers for the medical sector since January 2015.

Targets are chosen carefully, Symantec said, with attackers planting the Kwampirs backdoor on computers.

The computers targeted include ones that control X-ray and magnetic resonance imaging (MRI) machines, as well as systems that assist patients in completing consent forms for medical procedures.

Kwampirs is a persistent information stealer and backdoor that survives reboots of computers.

Symantec believes Orangeworm initially collects basic information about computers to determine if a high-value target has been compromised.

If a high-value target is found, Orangeworm uses Kwampirs to aggressively copy the backdoor to open network shares, so as to infect more computers. 

This is an old-fashioned attack method that remains effective against Windows XP, Microsoft's out-of-support operating system that is still widely used in the healthcare sector.

Orangeworm also tries to capture and exfiltrate as much information as possible from high-value targets and doesn't make a great deal of effort to avoid detection in the process.

Symantec did not identify who is behind Orangeworm but said indications are that the attacks are likely conducted by an individual, or small group of people, rather than a nation-state actor.

Only a small set of victims was identified by Symantec in 2016 and 2017, most of them in the United States and Asia.

Smaller numbers of targets were found by Symantec telemetry in Europe, but so far no Orangeworm victims have been found in Australia and New Zealand.
