
US-based software firm Symantec has reported that a new attack group called Orangeworm is targeting global healthcare and related sectors in the US, Europe and Asia.
The group has been found to have already infected computers associated with medical imaging devices such as MRI and X-ray machines, using a custom backdoor called Trojan.Kwampirs.
It has also attacked machines used to help patients complete their consent forms.
Originally identified in January 2015, Orangeworm is now focussing on international companies that operate within the healthcare sector, such as healthcare providers, pharmaceutical organisations, IT solution providers for healthcare, and equipment manufacturers.
In addition, Symantec observed that the group also targets supporting organisations, such as manufacturers, medical clinics and logistics firms, that ultimately lead it to its ‘intended victims’ within the healthcare sector.
Based on these findings, the software company believes that Orangeworm is potentially conducting ‘corporate espionage’.
A statement from Symantec read: “Based on the list of known victims, Orangeworm does not select its targets randomly or conduct opportunistic hacking.
“Rather, the group appears to choose its targets carefully and deliberately, conducting a good amount of planning before launching an attack.”
Kwampirs works by collecting information about the victim's network, such as its configuration, network adapter and shares, mapped drives, and files present on the computer.
If the malware finds something of interest, it aggressively copies itself across open network shares to infect other systems.
Because the group's methods are ‘noisy’, Symantec thinks it is not concerned with being discovered.
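The share-to-share copying described above is exactly the kind of noise a defender can look for. The following is an added example (not Symantec's code and not tied to any real Kwampirs indicator) that flags a source host writing the same file name to many hosts' shares within a short window; the log format and host names are constructed for illustration.

```python
"""Flag a host that writes the same file to many network shares in a short
window, the fan-out pattern the article attributes to Kwampirs.
Added example; the log format below is a constructed, simplified
file-share audit record, not a real product's format."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "<time> <source-host> -> <target-host>\<share>\<path>"
SAMPLE_LOG = """\
2018-04-23T09:00:01 WS-17 -> IMG-MRI-01\\ADMIN$\\svc.exe
2018-04-23T09:00:04 WS-17 -> IMG-XRAY-02\\ADMIN$\\svc.exe
2018-04-23T09:00:09 WS-17 -> CONSENT-KIOSK-3\\C$\\svc.exe
2018-04-23T09:00:15 WS-17 -> FILESRV-1\\public\\svc.exe
2018-04-23T09:05:00 WS-04 -> FILESRV-1\\public\\report.pdf
2018-04-23T13:30:00 WS-04 -> FILESRV-1\\public\\report.pdf
"""

def parse_event(line):
    """Return (timestamp, source, target_host, file_name) for one log line."""
    stamp, source, _, unc = line.split(maxsplit=3)
    target, _, path = unc.partition("\\")
    return datetime.fromisoformat(stamp), source, target, path.rsplit("\\", 1)[-1]

def flag_share_spread(log_text, min_hosts=3, window=timedelta(minutes=10)):
    """Return {(source, file): [hosts]} where one source wrote the same file
    name to at least `min_hosts` distinct hosts inside `window`.  A worm
    copying itself to every reachable share fans out like this; a user
    copying a document to one file server does not."""
    writes = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            stamp, src, dst, name = parse_event(line)
            writes[(src, name)].append((stamp, dst))
    hits = {}
    for key, events in writes.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = {dst for stamp, dst in events[i:] if stamp - start <= window}
            if len(hosts) >= min_hosts:
                hits[key] = sorted(hosts)
                break
    return hits

if __name__ == "__main__":
    for (src, name), hosts in flag_share_spread(SAMPLE_LOG).items():
        print(f"{src} wrote {name} to {len(hosts)} hosts: {', '.join(hosts)}")
```

The thresholds are deliberately loose; tune `min_hosts` and `window` against a baseline of legitimate software-deployment traffic before alerting on them.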
Symantec added: “The fact that little has changed with the internals of Kwampirs since its first discovery may also indicate that previous mitigation methods against the malware have been unsuccessful and that the attackers have been able to reach their intended targets despite defenders being aware of their presence within their network.”