2023-08-18 | TEAMT5 | Still Hsu, Zih-Cing Liao
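% Note: the url below uses plain http://, so the PDF is not integrity-protected in transit; treat the download as untrusted.
@techreport{hsu:20230818:unmasking:61bd6b5,
  author      = {Hsu, Still and Liao, Zih-Cing},
  title       = {Unmasking {CamoFei}: An In-depth Analysis of an Emerging {APT} Group Focused on Healthcare Sectors in {East Asia}},
  date        = {2023-08-18},
  institution = {TEAMT5},
  url         = {http://stillu.cc/assets/slides/2023-08-Unmasking%20CamoFei.pdf},
  language    = {English},
  urldate     = {2023-08-23},
}
Unmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia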
CatB Cobalt Strike DoorMe GIMMICK
2023-08-09 | BleepingComputer | Bill Toulas
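% Only the malware family name is brace-protected; the rest of the title is left to the style's casing.
@online{toulas:20230809:rhysida:07e5cfb,
  author       = {Toulas, Bill},
  title        = {{Rhysida} ransomware behind recent attacks on healthcare},
  date         = {2023-08-09},
  organization = {BleepingComputer},
  url          = {https://www.bleepingcomputer.com/news/security/rhysida-ransomware-behind-recent-attacks-on-healthcare/},
  language     = {English},
  urldate      = {2023-08-25},
}
Rhysida ransomware behind recent attacks on healthcare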
Rhysida
2023-08-09 | Trend Micro | Trend Micro Research
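% Corporate author: the extra brace pair keeps "Trend Micro Research" from being split into given/family name parts.
@online{research:20230809:overview:973753a,
  author       = {{Trend Micro Research}},
  title        = {An Overview of the New {Rhysida} Ransomware Targeting the Healthcare Sector},
  date         = {2023-08-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/h/an-overview-of-the-new-rhysida-ransomware.html},
  language     = {English},
  urldate      = {2023-08-10},
}
An Overview of the New Rhysida Ransomware Targeting the Healthcare Sector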
Rhysida
2023-07-26 | Talos | Nicole Hoffman
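% Only the quarter label "Q2" is brace-protected; the rest of the title is left to the style's casing.
@online{hoffman:20230726:incident:4731c33,
  author       = {Hoffman, Nicole},
  title        = {Incident Response trends {Q2} 2023: Data theft extortion rises, while healthcare is still most-targeted vertical},
  date         = {2023-07-26},
  organization = {Talos},
  url          = {https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/},
  language     = {English},
  urldate      = {2023-08-03},
}
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical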
BianLian Clop LockBit Royal Ransom LockBit 8Base BianLian Clop LockBit Money Message Royal Ransom
2023-03-17 | Microsoft | Azure Network Security Team
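% Corporate author: the extra brace pair keeps the team name from being split into given/family name parts.
@online{team:20230317:killnet:e66da3b,
  author       = {{Azure Network Security Team}},
  title        = {{KillNet} and affiliate hacktivist groups targeting healthcare with {DDoS} attacks},
  date         = {2023-03-17},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/en-us/security/blog/2023/03/17/killnet-and-affiliate-hacktivist-groups-targeting-healthcare-with-ddos-attacks/},
  language     = {English},
  urldate      = {2023-04-18},
}
KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks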
2023-03-14 | Cisco Talos | Asheer Malhotra, Vitor Ventura
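% The vendor name and the acronyms "CIS" and "EU" are brace-protected so a sentence-casing style cannot lowercase them.
@online{malhotra:20230314:talos:f709c24,
  author       = {Malhotra, Asheer and Ventura, Vitor},
  title        = {{Talos} uncovers espionage campaigns targeting {CIS} countries, embassies and {EU} health care agency},
  date         = {2023-03-14},
  organization = {Cisco Talos},
  url          = {https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/},
  language     = {English},
  urldate      = {2023-03-20},
}
Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency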
Poet RAT Loda
2023-01-09 | Trend Micro | Hitomi Kimura, Ryan Maglaque, Fe Cureg, Trent Bessell
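% organization is spelled "Trend Micro" to match the other Trend Micro entry in this library (research:20230809:overview:973753a).
@online{kimura:20230109:gootkit:585185a,
  author       = {Kimura, Hitomi and Maglaque, Ryan and Cureg, Fe and Bessell, Trent},
  title        = {{Gootkit} Loader Actively Targets {Australian} Healthcare Industry},
  date         = {2023-01-09},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html},
  language     = {English},
  urldate      = {2023-01-13},
}
Gootkit Loader Actively Targets Australian Healthcare Industry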
GootKit
2022-12-08 | Fortinet | Shunichi Imano, Fred Gutierrez
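% The three ransomware variant names are brace-protected so a sentence-casing style cannot lowercase them.
@online{imano:20221208:ransomware:b3584f6,
  author       = {Imano, Shunichi and Gutierrez, Fred},
  title        = {Ransomware Roundup – New {Vohuk}, {ScareCrow}, and {AERST} Variants},
  date         = {2022-12-08},
  organization = {Fortinet},
  url          = {https://www.fortinet.com/blog/threat-research/ransomware-roundup-new-vohuk-scarecrow-and-aerst-variants},
  language     = {English},
  urldate      = {2022-12-19},
}
Ransomware Roundup – New Vohuk, ScareCrow, and AERST Variants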
AESRT ScareCrow Vohuk
2022-09-22 | Sentinel LABS | Tom Hegel
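% The actor name "Void Balaur" is brace-protected as one unit so a sentence-casing style cannot lowercase it.
@online{hegel:20220922:void:edb8cef,
  author       = {Hegel, Tom},
  title        = {{Void Balaur} | The Sprawling Infrastructure of a Careless Mercenary},
  date         = {2022-09-22},
  organization = {Sentinel LABS},
  url          = {https://www.sentinelone.com/labs/the-sprawling-infrastructure-of-a-careless-mercenary/},
  language     = {English},
  urldate      = {2022-09-27},
}
Void Balaur | The Sprawling Infrastructure of a Careless Mercenary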
Void Balaur
2022-08-17 | Mandiant | Mandiant Israel Research Team
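% Corporate author: the extra brace pair keeps the team name from being split into given/family name parts.
@online{team:20220817:suspected:ec23d9b,
  author       = {{Mandiant Israel Research Team}},
  title        = {Suspected {Iranian} Actor Targeting {Israeli} Shipping, Healthcare, Government and Energy Sectors},
  date         = {2022-08-17},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/suspected-iranian-actor-targeting-israeli-shipping},
  language     = {English},
  urldate      = {2022-08-19},
}
Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors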
NorthStar SUGARDUMP SUGARRUSH
2022-07-21 | Cert-AgID | Cert-AgID
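% Corporate author, braced as a single unit. The title is Italian and is kept exactly as published.
@online{certagid:20220721:tecniche:292165d,
  author       = {{Cert-AgID}},
  title        = {Tecniche per semplificare l’analisi del malware {GuLoader}},
  date         = {2022-07-21},
  organization = {Cert-AgID},
  url          = {https://cert-agid.gov.it/news/malware/tecniche-per-semplificare-lanalisi-del-malware-guloader/},
  language     = {Italian},
  urldate      = {2022-07-25},
}
Tecniche per semplificare l’analisi del malware GuLoader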
CloudEyE
2022-07-06 | CISA | FBI, CISA, Department of the Treasury (Treasury)
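% PDF edition of advisory AA22-187A; the web alert for the same advisory is the separate entry fbi:20220706:alert:4231af8.
% Each issuing agency is a corporate author, braced so it is not split into given/family name parts.
@techreport{fbi:20220706:csa:fcffb49,
  author      = {{FBI} and {CISA} and {Department of the Treasury (Treasury)}},
  title       = {{CSA} {AA22-187A}: {North Korean} State-Sponsored Cyber Actors Use {Maui} Ransomware to Target the Healthcare and Public Health Sector ({PDF})},
  date        = {2022-07-06},
  institution = {CISA},
  url         = {https://www.cisa.gov/uscert/sites/default/files/publications/aa22-187a-north-korean%20state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf},
  language    = {English},
  urldate     = {2022-07-13},
}
CSA AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector (PDF)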
Maui Ransomware
2022-07-06 | CISA | FBI, CISA, Department of the Treasury (Treasury)
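% Web edition of advisory AA22-187A; the PDF edition is the separate entry fbi:20220706:csa:fcffb49.
% Each issuing agency is a corporate author, braced so it is not split into given/family name parts.
@online{fbi:20220706:alert:4231af8,
  author       = {{FBI} and {CISA} and {Department of the Treasury (Treasury)}},
  title        = {Alert ({AA22-187A}): {North Korean} State-Sponsored Cyber Actors Use {Maui} Ransomware to Target the Healthcare and Public Health Sector},
  date         = {2022-07-06},
  organization = {CISA},
  url          = {https://www.cisa.gov/uscert/ncas/alerts/aa22-187a},
  language     = {English},
  urldate      = {2022-07-13},
}
Alert (AA22-187A): North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector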
Maui Ransomware
2022-03-30 | The Record | Jonathan Greig
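% Only the ransomware name and the place name are brace-protected; the rest of the title is left to the style's casing.
@online{greig:20220330:hive:b23a103,
  author       = {Greig, Jonathan},
  title        = {{Hive} ransomware shuts down {California} health care organization},
  date         = {2022-03-30},
  organization = {The Record},
  url          = {https://therecord.media/hive-ransomware-shuts-down-california-health-care-organization/},
  language     = {English},
  urldate      = {2022-03-31},
}
Hive ransomware shuts down California health care organization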
Hive Hive
2022-02-28 | Sophos | Sean Gallagher
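% The url is kept exactly as recorded, including its "?cmp=30728" query parameter.
@online{gallagher:20220228:conti:bcf09a0,
  author       = {Gallagher, Sean},
  title        = {{Conti} and {Karma} actors attack healthcare provider at same time through {ProxyShell} exploits},
  date         = {2022-02-28},
  organization = {Sophos},
  url          = {https://news.sophos.com/en-us/2022/02/28/conti-and-karma-actors-attack-healthcare-provider-at-same-time-through-proxyshell-exploits/?cmp=30728},
  language     = {English},
  urldate      = {2022-03-02},
}
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits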
Conti Karma
2021-10-07 | Mandiant | Joshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly
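% Only the actor designation "FIN12" is brace-protected; the rest of the title is left to the style's casing.
@online{shilko:20211007:fin12:43d89f5,
  author       = {Shilko, Joshua and Riddle, Zach and Brooks, Jennifer and Stark, Genevieve and Brunner, Adam and Goody, Kimberly and Kennelly, Jeremy},
  title        = {{FIN12}: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets},
  date         = {2021-10-07},
  organization = {Mandiant},
  url          = {https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets},
  language     = {English},
  urldate      = {2021-10-08},
}
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets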
BazarBackdoor GRIMAGENT Ryuk
2021-09-01 | InfoSec Handlers Diary Blog | Brad Duncan
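% The malware name, "RAT" and "Java" are brace-protected so a sentence-casing style cannot lowercase them.
@online{duncan:20210901:strrat:82432b9,
  author       = {Duncan, Brad},
  title        = {{STRRAT}: a {Java-based} {RAT} that doesn't care if you have {Java}},
  date         = {2021-09-01},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/27798},
  language     = {English},
  urldate      = {2021-09-02},
}
STRRAT: a Java-based RAT that doesn't care if you have Java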
STRRAT
2021-08-23 | Sentinel LABS | Jim Walter, Juan Andrés Guerrero-Saade
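% Authors are in "Last, First" form so the hyphenated surname Guerrero-Saade is unambiguous.
@online{walter:20210823:hive:5a17aae,
  author       = {Walter, Jim and Guerrero-Saade, Juan Andrés},
  title        = {{Hive} Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare},
  date         = {2021-08-23},
  organization = {Sentinel LABS},
  url          = {https://labs.sentinelone.com/hive-attacks-analysis-of-the-human-operated-ransomware-targeting-healthcare/},
  language     = {English},
  urldate      = {2021-08-25},
}
Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare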
Hive
2021-05-20 | FBI | FBI
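% Corporate author, braced as a single unit. The alert number in the title is protected from style re-casing.
@techreport{fbi:20210520:alert:65d3256,
  author      = {{FBI}},
  title       = {Alert Number {CP-000147-MW}: {Conti} Ransomware Attacks Impact Healthcare and First Responder Networks},
  date        = {2021-05-20},
  institution = {FBI},
  url         = {https://www.ic3.gov/Media/News/2021/210521.pdf},
  language    = {English},
  urldate     = {2021-05-26},
}
Alert Number CP-000147-MW: Conti Ransomware Attacks Impact Healthcare and First Responder Networks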
Conti
2021-04-15 | Proofpoint | Selena Larson
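% Only "COVID-19" is brace-protected; the rest of the title is left to the style's casing.
@online{larson:20210415:threat:cdfef32,
  author       = {Larson, Selena},
  title        = {Threat Actors Pair Tax-Themed Lures With {COVID-19}, Healthcare Themes},
  date         = {2021-04-15},
  organization = {Proofpoint},
  url          = {https://www.proofpoint.com/us/blog/security-briefs/threat-actors-pair-tax-themed-lures-covid-19-healthcare-themes},
  language     = {English},
  urldate      = {2021-08-23},
}
Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes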
Dridex TrickBot