| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, Europe, and Asia. First identified in January 2015, Orangeworm has also conducted targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach their intended victims. Known victims include healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry, likely for the purpose of corporate espionage.
| 2020-07-29 ⋅ Atlantic Council ⋅ BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain EternalPetya GoldenSpy Kwampirs Stuxnet |
| 2020-03-31 ⋅ ZDNet ⋅ FBI re-sends alert about supply chain attacks for the third time in three months Kwampirs |
| 2020-03-25 ⋅ FBI ⋅ FBI Flash CP-000111-MW: Kwampirs Malware Indicators of Compromise Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries Kwampirs |
| 2020-03-25 ⋅ Reversing Labs ⋅ Unpacking the Kwampirs RAT Kwampirs |
| 2020-02-10 ⋅ ZDNet ⋅ FBI warns about ongoing attacks against software supply chain companies DistTrack Kwampirs |
| 2019-03-13 ⋅ Security Art Work ⋅ ORANGEWORM GROUP – KWAMPIRS ANALYSIS UPDATE Kwampirs |
| 2019 ⋅ MITRE ⋅ Group description: Orangeworm Orangeworm |
| 2018-04-23 ⋅ Symantec ⋅ New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia Kwampirs Orangeworm |