APT Helps Spy on Pharma Firms

Tuesday, March 13, 2018 @ 02:03 PM gHale

More advanced attackers are turning their attention to attacks against the healthcare sector, researchers said.

Along those lines, PlugX malware has been detected in pharmaceutical organizations in Vietnam, aimed at stealing drug formulas and business information, said researchers at Kaspersky Lab.

Strategic Malware Attacks Grow: Report
Possible to Hack Windows 10 Via Voice
Slingshot Spyware from Router
Mobile Ad Trojans Decline, Threats Rise

PlugX malware is a well-known remote access tool (RAT). It is usually spreads via spear phishing and has previously been detected in targeted attacks against the military, government and political organizations.

This particular RAT has seen action with Chinese-speaking attackers, including Deep Panda, NetTraveler or Winnti.

In 2013, it was discovered Winnti, which was responsible for attacking companies in the online gaming industry, had been using PlugX since May 2012. In addition, Winnti has also been used in attacks against pharmaceutical companies, where the aim has been to steal digital certificates from medical equipment and software manufacturers.

PlugX RAT allows attackers to perform various malicious operations on a system without the user’s permission or authorization, including (but not limited to) copying and modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity. Attackers use PlugX, as with other RATs, to discreetly steal and collect sensitive or profitable information for malicious purposes.

RAT usage in attacks against pharmaceutical organizations indicates that sophisticated APT actors are showing an increased interest in capitalizing on the healthcare sector.

“Private and confidential healthcare data is steadily migrating from paper to digital form within medical organizations,” said Yury Namestnikov, security researcher, Kaspersky Lab. “While the security of the network infrastructure of this sector is sometimes neglected, the hunt by APTs for information on advancements in drug and equipment innovation is truly worrying. Detections of PlugX malware in pharmaceutical organizations demonstrate yet another battle that we need to fight – and win – against cybercriminals.”

Leave a Reply

You must be logged in to post a comment.