US-based software firm Symantec has reported that a new attack group called Orangeworm is targeting global healthcare and related sectors in the US, Europe and Asia.

The group is found to have already infected computers associated with medical imaging devices such as MRIs and X-Rays using a custom backdoor malware called Trojan.Kwampirs.

It has also attacked machines that are used for helping patients to complete their consent forms.

Originally identified in January 2015, Orangeworm is now focussing on international companies that operate within the healthcare sector such as healthcare providers, pharmaceutical organisations and IT solution providers for healthcare and equipment manufacturers.

In addition, Symantec observed that the group is also interested in supporting organisations such as manufacturers, medical clinics and logistics firms that ultimately lead it to ‘intended victims’ within the healthcare sector.

Based on these findings, the software company believes that Orangeworm is potentially conducting ‘corporate espionage’.

A statement from Symantec read: “Based on the list of known victims, Orangeworm does not select its targets randomly or conduct opportunistic hacking.

“Rather, the group appears to choose its targets carefully and deliberately, conducting a good amount of planning before launching an attack.”

Kwampirs works by collecting network information about the victim, such as configuration, network adapters and shares, mapped drives and files present on the computer.

If the virus finds something of interest, it aggressively copies itself and spreads across open network shares to infect other systems.

As the methods used by the group are ‘noisy’, Symantec thinks that they are not concerned with being discovered.

Symantec added: “The fact that little has changed with the internals of Kwampirs since its first discovery may also indicate that previous mitigation methods against the malware have been unsuccessful and that the attackers have been able to reach their intended targets despite defenders being aware of their presence within their network.”