Last October, a threat actor known as UNC1878 made headlines for a widespread criminal campaign targeting the healthcare industry (and other organizations) around the world.
Over three months have passed since this group’s activities became widely known, yet in spite of high public awareness, many of UNC1878’s victims remain actively compromised to this day.
Prevailion’s APEX Platform continues to observe active beaconing by UNC1878 malware from prominent hospitals and healthcare providers in the United States, as well as other countries. These unmitigated compromises are concerning due to the sensitive nature of hospital networks.
Due to the high level of persistent malware beacon activity observed, these healthcare organizations are at risk not only of an imminent encryption attack by Ryuk or other ransomware families, but they are also at risk of ongoing data exfiltration by this Russian threat actor.
The APEX Platform has also observed active beaconing by as yet unidentified malware or toolkits deployed by UNC1878 in these network environments.
Since the risks posed by UNC1878 are significant, ranging from sensitive information theft to high-priced extortion and service disruption, it is imperative for all healthcare organizations to thoroughly examine their networks for any IOCs by this threat actor.
Prevailion continues to provide free access to the APEX Platform for any organization that would like to check its own network for compromise activity by UNC1878 or other threat actors.
Despite the many regulations from GDPR to CCPA, HIPAA, and PCI DSS that mandate a company report a data breach, many corporate hacks go unreported. Certainly, compliance is a driving force for the organizations that do report a data breach. Still, in 2019, CSO Online reported that the FBI’s Internet Crime Complaint Center received reports […]
Over a decade ago, security researchers at Microsoft identified a computer worm and dubbed it Ramnit. The malware family, “infects Windows executable files (.EXE) and HTML files (.HTML). It can also give a malicious hacker access to your PC. It spreads through infected removable drives, such as USB flash drives,” Microsoft warned. Fast forward to […]