Security News > 2024 > April > US Health Dept warns hospitals of hackers targeting IT help desks
The U.S. Department of Health and Human Services warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health sector.
The sector alert issued by the Health Sector Cybersecurity Coordination Center this week says these tactics have allowed attackers to gain access to targeted organizations' systems by enrolling their own multi-factor authentication devices.
"The funds were then transferred to overseas accounts. During the malicious campaign, the threat actor also registered a domain with a single letter variation of the target organization and created an account impersonating the target organization's Chief Financial Officer."
The tactics described in the Health Department alert are very similar to those used by the Scattered Spider threat group, which also uses phishing, MFA bombing, and SIM swapping to gain initial network access.
Scattered Spider hackers recently encrypted MGM Resorts' systems using BlackCat/ALPHV ransomware.
FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks.
News URL
Related news
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- US says Chinese hackers breached multiple telecom providers (source)
- US indicts Snowflake hackers who extorted $2.5 million from 3 victims (source)
- Hacker gets 10 years in prison for extorting US healthcare provider (source)