Kwampirs threat actor continues to breach transnational healthcare orgs

2020-03-31 10:16

The Kwampirs attack group continues to target global healthcare entities in this time of crisis, the FBI has warned.

"The FBI assesses Kwampirs actors gained access to a large number of global hospitals through vendor software supply chain and hardware products. Infected software supply chain vendors included products used to manage industrial control system assets in hospitals."

Kwampirs actors have successfully gained and sustained persistent presence on victim networks for a time period ranging from three to 36 months.

The notice delivers best practices for network security and defense to be incorporated before infection, recommended post-infection actions and identifies residual Kwampirs RAT host artifacts that can help companies to determine if they were a victim.

SANS ISC handler Johannes Ullrich notes that Kwampirs will likely enter an organization's network undetected as part of a software update from a trusted vendor.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/CQCDRPqkegU/

#breach #healthcare #threat