Security News

State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. This includes "Cyber operations targeting the United States and South Korea governments - specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the authorities said.

The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors abusing the foothold to deliver Cobalt Strike and SystemBC for post-exploitation.

The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian healthcare entities with Cobalt Strike beacons. The campaign goal is to deploy the Cobalt Strike post-exploitation toolkit on infected devices for initial access to corporate networks.

A wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Like other malware of its kind, Gootkit is capable of stealing data from the browser, performing adversary-in-the-browser attacks, keylogging, taking screenshots, and other malicious actions.

This week saw a lot of ransomware news, ranging from new extortion tactics, to a ransomware gang giving away a free decryptor after attacking a children's hospital. We also learned more information this week about various cyberattacks, which have now been confirmed as ransomware.

Ransomware attacks in 2022 impacted more than 200 hundred larger organizations in the U.S. public sector in the government, educational, and healthcare verticals. [...]

The U.S. Department of Health and Human Services has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity Coordination Center said [PDF].

Newish ransomware gang Royal has been spotted targeting the healthcare sector, the US Department of Health and Human Services has said. FBI warns about Cuba, no, not that one - the ransomware gang Alert: This ransomware preys on healthcare orgs via weak-ass VPN servers REvil-hit Medibank to pull plug on IT, shore up defenses Hospital giant's IT still poorly a week after suspected ransomware infection.

U.S. healthcare organizations could be in the crosshairs of a new cyberthreat collective dubbed Royal. The warning from HHS's Health Sector Cybersecurity Coordination Center identified the relatively new group as perps behind several attacks first appearing in September 2022 against Healthcare and Public Healthcare targets.

The U.S. Department of Health and Human Services issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center -HHS' security team- revealed in a new analyst note published Wednesday that the ransomware group has been behind multiple attacks against U.S. healthcare orgs.