
Orangeworm


Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, Europe, and Asia. First identified in January 2015, Orangeworm has also conducted targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach their intended victims. Known victims include healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry, likely for the purpose of corporate espionage.


Associated Families
win.kwampirs

References
2020-07-29 | Atlantic Council | Trey Herr, June Lee, William Loomis, Stewart Scott
BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain
@techreport{herr:20200729:breaking:d37db04,
  author = {Trey Herr and June Lee and William Loomis and Stewart Scott},
  title = {{BREAKING TRUST: Shades of Crisis Across an Insecure Software Supply Chain}},
  date = {2020-07-29},
  institution = {Atlantic Council},
  url = {https://www.atlanticcouncil.org/wp-content/uploads/2020/07/Breaking-trust-Shades-of-crisis-across-an-insecure-software-supply-chain.pdf},
  language = {English},
  urldate = {2020-08-05}
}
EternalPetya GoldenSpy Kwampirs Stuxnet
2020-03-31 | ZDNet | Catalin Cimpanu
FBI re-sends alert about supply chain attacks for the third time in three months
@online{cimpanu:20200331:fbi:91630df,
  author = {Catalin Cimpanu},
  title = {{FBI re-sends alert about supply chain attacks for the third time in three months}},
  date = {2020-03-31},
  organization = {ZDNet},
  url = {https://www.zdnet.com/article/fbi-re-sends-alert-about-supply-chain-attacks-for-the-third-time-in-three-months/},
  language = {English},
  urldate = {2020-04-07}
}
Kwampirs
2020-03-25 | FBI | FBI
FBI Flash CP-000111-MW: Kwampirs Malware Indicators of Compromise Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries
@online{fbi:20200325:fbi:f2ba305,
  author = {FBI},
  title = {{FBI Flash CP-000111-MW: Kwampirs Malware Indicators of Compromise Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries}},
  date = {2020-03-25},
  organization = {FBI},
  url = {http://www.documentcloud.org/documents/6821581-FLASH-CP-000111-MW-Downgraded-Version.html},
  language = {English},
  urldate = {2020-04-07}
}
Kwampirs
2020-03-25 | Reversing Labs | Karlo Zanki
Unpacking the Kwampirs RAT
@online{zanki:20200325:unpacking:0d7085a,
  author = {Karlo Zanki},
  title = {{Unpacking the Kwampirs RAT}},
  date = {2020-03-25},
  organization = {Reversing Labs},
  url = {https://blog.reversinglabs.com/blog/unpacking-kwampirs-rat},
  language = {English},
  urldate = {2020-03-26}
}
Kwampirs
2020-02-10 | ZDNet | Catalin Cimpanu
FBI warns about ongoing attacks against software supply chain companies
@online{cimpanu:20200210:fbi:1904430,
  author = {Catalin Cimpanu},
  title = {{FBI warns about ongoing attacks against software supply chain companies}},
  date = {2020-02-10},
  organization = {ZDNet},
  url = {https://www.zdnet.com/article/fbi-warns-about-ongoing-attacks-against-software-supply-chain-companies/},
  language = {English},
  urldate = {2020-02-11}
}
DistTrack Kwampirs
2019-03-13 | Security Art Work | Lab52
ORANGEWORM GROUP – KWAMPIRS ANALYSIS UPDATE
@online{lab52:20190313:orangeworm:396a091,
  author = {Lab52},
  title = {{ORANGEWORM GROUP – KWAMPIRS ANALYSIS UPDATE}},
  date = {2019-03-13},
  organization = {Security Art Work},
  url = {https://www.securityartwork.es/2019/03/13/orangeworm-group-kwampirs-analysis-update/},
  language = {English},
  urldate = {2020-01-06}
}
Kwampirs
2019 | MITRE | MITRE ATT&CK
Group description: Orangeworm
@online{attck:2019:orangeworm:7b6180d,
  author = {MITRE ATT&CK},
  title = {{Group description: Orangeworm}},
  date = {2019},
  organization = {MITRE},
  url = {https://attack.mitre.org/groups/G0071/},
  language = {English},
  urldate = {2019-12-20}
}
Orangeworm
2018-04-23 | Symantec | Security Response Attack Investigation Team
New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia
@online{team:20180423:new:7b44d39,
  author = {Security Response Attack Investigation Team},
  title = {{New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia}},
  date = {2018-04-23},
  organization = {Symantec},
  url = {https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia},
  language = {English},
  urldate = {2020-01-13}
}
Kwampirs Orangeworm

Credits: MISP Project