Cyware Weekly Threat Intelligence - January 09–13

Weekly Threat Briefing • January 13, 2023
Weekly Threat Briefing • January 13, 2023
The healthcare sector has always been at risk of third-party attacks owing to a huge trove of PHI that is ripe for misuse by threat actors. With an aim to protect this information, a group of over 20 healthcare organizations has come together to form the Health3PT Council which aims at introducing new standards and automated workflows. In another development, New York has ramped up its cybersecurity investment with an additional top-up of $35 million for this year’s state cybersecurity budget.
Meanwhile, ransomware groups are as usual having a field day, targeting multiple organizations and stealing their confidential data. While the LockBit ransomware was claimed to be behind the recent attack against the U.K’s Royal Mail, the Hive ransomware group leaked 550 GB of data stolen from Consulate Health Care. An ongoing spear-phishing attack from Dark Pink APT has also been found aiming at government and military organizations in Asia-Pacific.
Several notorious malware resurfaced in different attack campaigns reported this week. While Vidar infostealer was found being distributed via over 1300 domains impersonating known official sites, the GootKit loader was discovered leveraging SEO poisoning to target the Australian healthcare industry. A cybercrime group tracked as Scattered Spider was also observed exploiting an old flaw as part of a BYOVD attack.