Newly identified Trojan targets healthcare sector

Orangeworm has been installing Trojan.Kwampirs backdoor on Windows systems since 2015

Symantec has identified a hacker group dubbed Orangeworm that has been targeting the healthcare sector in several countries since 2015.

According to the cyber security vendor, Orangeworm has been installing a custom backdoor called Trojan.Kwampirs within large international organisations with operations in the US, Europe and Asia.

Trojan.Kwampirs is a Trojan horse able to open a backdoor on a computer and may also download malicious files. It was first discovered in August 2016 and affects Windows systems.

According to Symantec, the backdoor can collect basic network adapter information, system version information, and language settings. Once a possible victim is identified, Orangeworm copies the backdoor to available network shares and infects other computers.

Targeted attacks identified also affected related industries including healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry.

Orangeworm does not seem to operate randomly; instead, it picks its victims carefully, Symantec found, based on the list of known victims.

Of the confirmed affected organisations, healthcare accounts for 39 per cent of the attacks, and IT and manufacturing for 15 per cent each.

"The Kwampirs malware was found on machines which had software installed for the use and control of high-tech imaging devices such as X-Ray and MRI machines," Symantec's security response attack investigation team said in a blog post.

"Additionally, Orangeworm was observed to have an interest in machines used to assist patients in completing consent forms for required procedures," it said.

Symantec said that the motives behind the attacks are unclear; however, they are likely to be corporate espionage in nature.

Orangeworm has affected organisations in several countries across the Americas, Europe and Asia but there was only a "small" number of organisations in 2016 and 2017.

Locally, Symantec is yet to confirm whether any Australian organisations were affected; however, if any were, the number is likely to be small, as the US appears to have been the focus.

"I don't think that it is because Australia isn't vulnerable; we just were not targeted by this particular group," Symantec Asia Pacific and Japan CTO, Nick Savvides, said.

According to Savvides, healthcare data can sell on the black market for between US$25 and US$40 per record, while an email address sells for cents.

Savvides explained that this is due to the information contained within medical records, which are generally very rich in PII (personally identifiable information) and also have financial data associated with them.

The first quarterly Notifiable Data Breaches (NDB) report, published by the Office of the Australian Information Commissioner (OAIC), revealed that health services providers were the highest ranking in breaches reported with 24 per cent.

A total of 63 notifications were received, with 33 per cent of all data breaches reported to involve people's health information.
