The new attack group uses malware to infect systems associated with healthcare. Credit: Markus Spiske on Unsplash.

US-based software firm Symantec has reported that a new attack group called Orangeworm is targeting global healthcare and related sectors in the US, Europe and Asia.

The group is found to have already infected computers associated with medical imaging devices such as MRIs and X-Rays using a custom backdoor malware called Trojan.Kwampirs.

Go deeper with GlobalData

Go deeper with GlobalData

The gold standard of business intelligence.

Find out more

Discover B2B Marketing That Performs

Combine business intelligence and editorial excellence to reach engaged professionals across 36 leading media platforms.

Find out more

It has also attacked machines that are used for helping patients to complete their consent forms.

Originally identified in January 2015, Orangeworm is now focussing on international companies that operate within the healthcare sector such as healthcare providers, pharmaceutical organisations and IT solution providers for healthcare and equipment manufacturers.

In addition, Symantec observed that the group also has interest in supporting organisations such as manufacturers, medical clinics and logistics firms that ultimately lead them to ‘intended victims’ within the healthcare sector.

“Orangeworm is now focussing on international companies that operate within the healthcare sector such as healthcare providers, pharmaceutical organisations and IT solution providers for healthcare and equipment manufacturers.”

Based on these findings, the software company believes that Orangeworm is potentially conducting a ‘corporate espionage’.

GlobalData Strategic Intelligence

US Tariffs are shifting - will you react or anticipate?

Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.

By GlobalData

A statement from Symantec read: “Based on the list of known victims, Orangeworm does not select its targets randomly or conduct opportunistic hacking.

“Rather, the group appears to choose its targets carefully and deliberately, conducting a good amount of planning before launching an attack.”

Kwampirs works by collecting network information of the victim such as configuration, network adapter and shares, mapped drives and files present on the computer.

In case the virus finds something of interest, it aggressively copies itself and spreads across the open network shares to infect other systems.

As the methods used by the group are ‘noisy’, Symantec thinks that they are not concerned with being discovered.

Symantec added: “The fact that little has changed with the internals of Kwampirs since its first discovery may also indicate that previous mitigation methods against the malware have been unsuccessful and that the attackers have been able to reach their intended targets despite defenders being aware of their presence within their network.”

Medical Device Network Excellence Awards - Nominations Closed

Nominations are now closed for the Medical Device Network Excellence Awards. A big thanks to all the organisations that entered – your response has been outstanding, showcasing exceptional innovation, leadership, and impact

Excellence in Action
HemoSonics has won the 2025 Marketing Award for its impactful promotion of theQuantra Hemostasis System and leadership in blood management education. See how targeted campaigns, thought leadership content, and hands on clinician training are accelerating Quantra’s market traction and shaping the future of hemostasis testing.

Discover the Impact