Orangeworm Found Attacking Healthcare-related Companies


A new cyber-crime operation targeting the healthcare, IT, and manufacturing sectors was identified on April 26, 2018.

Symantec, a cyber-security firm, identified a new cyber-criminal group that conducts targeted attacks against the healthcare, IT, and manufacturing sectors in the U.S., Europe, and Asia. The U.S. was targeted most, accounting for 17% of the recorded attacks, followed by India (7%), Saudi Arabia (7%), the Philippines (5%), and Hungary (5%).

The attack group has been identified as Orangeworm and has been observed installing a custom Trojan called Kwampirs. The Trojan targeted machines running software used to operate and control high-tech imaging devices such as X-ray and MRI machines. The Trojan gave the attackers access to the computer system or its encrypted data in a way that bypasses the system’s customary security mechanisms.

The cyber-criminals deployed their malware within large international organizations, including healthcare providers, pharmaceutical companies, IT solution providers for healthcare, and equipment manufacturers in the healthcare industry. Symantec also observed the malware on devices used to assist patients in completing consent forms for required procedures.

According to Symantec, “While Orangeworm has impacted only a small set of victims in 2016 and 2017, according to Symantec telemetry, we have seen infections in multiple countries due to the nature of the victims operating large international corporations.”

Orangeworm was first identified in January 2015 and has conducted targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach its intended victims.