Hackers Behind Healthcare Espionage Infect X-Ray and MRI Machines

Security researchers have uncovered a new hacking group that is aggressively targeting healthcare organizations and related sectors across the globe to conduct corporate espionage.

Dubbed "Orangeworm," the hacking group has been found installing a wormable trojan on machines hosting software used for controlling high-tech imaging devices, such as X-Ray and MRI machines, as well as machines used to assist patients in completing consent forms.

After getting into the victim's network, attackers install a trojan, dubbed Kwampirs, which opens a backdoor on the compromised computers, allowing attackers to remotely access equipment and steal sensitive data.

While decrypting, the Kwampirs malware inserts a randomly generated string into its main DLL payload in an attempt to evade hash-based detection. The malware also starts a service on the compromised systems to persist and restart after the system reboots.

Kwampirs then collects some basic information about the compromised computers and send it to the attackers to a remote command-and-control server, using which the group determines whether the hacked system is used by a researcher or a high-value target.

Besides health-care providers and pharmaceutical companies that account for nearly 40% of targets, Orangeworm has also launched attacks against other industries including information technology and manufacturing sectors, agriculture, and logistics.