Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2023-03-14Cisco TalosAsheer Malhotra, Vitor Ventura
@online{malhotra:20230314:talos:f709c24, author = {Asheer Malhotra and Vitor Ventura}, title = {{Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency}}, date = {2023-03-14}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/}, language = {English}, urldate = {2023-03-20} } Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency
Poet RAT Loda
2023-01-09TrendmicroHitomi Kimura, Ryan Maglaque, Fe Cureg, Trent Bessell
@online{kimura:20230109:gootkit:585185a, author = {Hitomi Kimura and Ryan Maglaque and Fe Cureg and Trent Bessell}, title = {{Gootkit Loader Actively Targets Australian Healthcare Industry}}, date = {2023-01-09}, organization = {Trendmicro}, url = {https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html}, language = {English}, urldate = {2023-01-13} } Gootkit Loader Actively Targets Australian Healthcare Industry
GootKit
2022-12-08FortinetShunichi Imano, Fred Gutierrez
@online{imano:20221208:ransomware:b3584f6, author = {Shunichi Imano and Fred Gutierrez}, title = {{Ransomware Roundup – New Vohuk, ScareCrow, and AERST Variants}}, date = {2022-12-08}, organization = {Fortinet}, url = {https://www.fortinet.com/blog/threat-research/ransomware-roundup-new-vohuk-scarecrow-and-aerst-variants}, language = {English}, urldate = {2022-12-19} } Ransomware Roundup – New Vohuk, ScareCrow, and AERST Variants
AESRT ScareCrow Vohuk
2022-09-22Sentinel LABSTom Hegel
@online{hegel:20220922:void:edb8cef, author = {Tom Hegel}, title = {{Void Balaur | The Sprawling Infrastructure of a Careless Mercenary}}, date = {2022-09-22}, organization = {Sentinel LABS}, url = {https://www.sentinelone.com/labs/the-sprawling-infrastructure-of-a-careless-mercenary/}, language = {English}, urldate = {2022-09-27} } Void Balaur | The Sprawling Infrastructure of a Careless Mercenary
Void Balaur
2022-08-17MandiantMandiant Israel Research Team
@online{team:20220817:suspected:ec23d9b, author = {Mandiant Israel Research Team}, title = {{Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors}}, date = {2022-08-17}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/suspected-iranian-actor-targeting-israeli-shipping}, language = {English}, urldate = {2022-08-19} } Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors
NorthStar SUGARDUMP SUGARRUSH
2022-07-21Cert-AgIDCert-AgID
@online{certagid:20220721:tecniche:292165d, author = {Cert-AgID}, title = {{Tecniche per semplificare l’analisi del malware GuLoader}}, date = {2022-07-21}, organization = {Cert-AgID}, url = {https://cert-agid.gov.it/news/malware/tecniche-per-semplificare-lanalisi-del-malware-guloader/}, language = {Italian}, urldate = {2022-07-25} } Tecniche per semplificare l’analisi del malware GuLoader
CloudEyE
2022-07-06CISAFBI, CISA, Department of the Treasury (Treasury)
@techreport{fbi:20220706:csa:fcffb49, author = {FBI and CISA and Department of the Treasury (Treasury)}, title = {{CSA AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector (PDF)}}, date = {2022-07-06}, institution = {CISA}, url = {https://www.cisa.gov/uscert/sites/default/files/publications/aa22-187a-north-korean%20state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf}, language = {English}, urldate = {2022-07-13} } CSA AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector (PDF)
Maui Ransomware
2022-07-06CISAFBI, CISA, Department of the Treasury (Treasury)
@online{fbi:20220706:alert:4231af8, author = {FBI and CISA and Department of the Treasury (Treasury)}, title = {{Alert (AA22-187A): North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector}}, date = {2022-07-06}, organization = {CISA}, url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-187a}, language = {English}, urldate = {2022-07-13} } Alert (AA22-187A): North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
Maui Ransomware
2022-03-30The RecordJonathan Greig
@online{greig:20220330:hive:b23a103, author = {Jonathan Greig}, title = {{Hive ransomware shuts down California health care organization}}, date = {2022-03-30}, organization = {The Record}, url = {https://therecord.media/hive-ransomware-shuts-down-california-health-care-organization/}, language = {English}, urldate = {2022-03-31} } Hive ransomware shuts down California health care organization
Hive Hive
2022-02-28SophosSean Gallagher
@online{gallagher:20220228:conti:bcf09a0, author = {Sean Gallagher}, title = {{Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits}}, date = {2022-02-28}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2022/02/28/conti-and-karma-actors-attack-healthcare-provider-at-same-time-through-proxyshell-exploits/?cmp=30728}, language = {English}, urldate = {2022-03-02} } Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
Conti Karma
2021-10-07MandiantJoshua Shilko, Zach Riddle, Jennifer Brooks, Genevieve Stark, Adam Brunner, Kimberly Goody, Jeremy Kennelly
@online{shilko:20211007:fin12:43d89f5, author = {Joshua Shilko and Zach Riddle and Jennifer Brooks and Genevieve Stark and Adam Brunner and Kimberly Goody and Jeremy Kennelly}, title = {{FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets}}, date = {2021-10-07}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets}, language = {English}, urldate = {2021-10-08} } FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
BazarBackdoor GRIMAGENT Ryuk
2021-09-01InfoSec Handlers Diary BlogBrad Duncan
@online{duncan:20210901:strrat:82432b9, author = {Brad Duncan}, title = {{STRRAT: a Java-based RAT that doesn't care if you have Java}}, date = {2021-09-01}, organization = {InfoSec Handlers Diary Blog}, url = {https://isc.sans.edu/diary/rss/27798}, language = {English}, urldate = {2021-09-02} } STRRAT: a Java-based RAT that doesn't care if you have Java
STRRAT
2021-08-23Sentinel LABSJim Walter, Juan Andrés Guerrero-Saade
@online{walter:20210823:hive:5a17aae, author = {Jim Walter and Juan Andrés Guerrero-Saade}, title = {{Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare}}, date = {2021-08-23}, organization = {Sentinel LABS}, url = {https://labs.sentinelone.com/hive-attacks-analysis-of-the-human-operated-ransomware-targeting-healthcare/}, language = {English}, urldate = {2021-08-25} } Hive Attacks | Analysis of the Human-Operated Ransomware Targeting Healthcare
Hive
2021-05-20FBIFBI
@techreport{fbi:20210520:alert:65d3256, author = {FBI}, title = {{Alert Number CP-000147-MW: Conti Ransomware Attacks Impact Healthcare and First Responder Networks}}, date = {2021-05-20}, institution = {FBI}, url = {https://www.ic3.gov/Media/News/2021/210521.pdf}, language = {English}, urldate = {2021-05-26} } Alert Number CP-000147-MW: Conti Ransomware Attacks Impact Healthcare and First Responder Networks
Conti
2021-04-15ProofpointSelena Larson
@online{larson:20210415:threat:cdfef32, author = {Selena Larson}, title = {{Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes}}, date = {2021-04-15}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/security-briefs/threat-actors-pair-tax-themed-lures-covid-19-healthcare-themes}, language = {English}, urldate = {2021-08-23} } Threat Actors Pair Tax-Themed Lures With COVID-19, Healthcare Themes
Dridex TrickBot
2021-03-12HealthcareInfoSecurityPrajeet Nair
@online{nair:20210312:spearphishing:6df60be, author = {Prajeet Nair}, title = {{Spear-Phishing Campaign Distributes Nim-Based Malware}}, date = {2021-03-12}, organization = {HealthcareInfoSecurity}, url = {https://www.healthcareinfosecurity.com/spear-phishing-campaign-distributes-nim-based-malware-a-16176}, language = {English}, urldate = {2021-06-29} } Spear-Phishing Campaign Distributes Nim-Based Malware
BazarNimrod
2020-11-13MicrosoftTom Burt
@online{burt:20201113:cyberattacks:d848567, author = {Tom Burt}, title = {{Cyberattacks targeting health care must stop}}, date = {2020-11-13}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2020/11/13/health-care-cyberattacks-covid-19-paris-peace-forum/}, language = {English}, urldate = {2020-11-18} } Cyberattacks targeting health care must stop
2020-11-04VMRayGiovanni Vigna
@online{vigna:20201104:trick:a59a333, author = {Giovanni Vigna}, title = {{Trick or Threat: Ryuk ransomware targets the health care industry}}, date = {2020-11-04}, organization = {VMRay}, url = {https://blogs.vmware.com/networkvirtualization/2020/11/trick-or-threat-ryuk-ransomware-targets-the-health-care-industry.html/}, language = {English}, urldate = {2020-11-06} } Trick or Threat: Ryuk ransomware targets the health care industry
BazarBackdoor Cobalt Strike Ryuk TrickBot
2020-10-29CNNVivian Salama, Alex Marquardt, Lauren Mascarenhas
@online{salama:20201029:several:88d8127, author = {Vivian Salama and Alex Marquardt and Lauren Mascarenhas}, title = {{Several hospitals targeted in new wave of ransomware attacks}}, date = {2020-10-29}, organization = {CNN}, url = {https://edition.cnn.com/2020/10/28/politics/hospitals-targeted-ransomware-attacks/index.html}, language = {English}, urldate = {2020-11-02} } Several hospitals targeted in new wave of ransomware attacks
Ryuk
2020-10-29Palo Alto Networks Unit 42Brittany Barbehenn, Doel Santos, Brad Duncan
@online{barbehenn:20201029:threat:de33a6d, author = {Brittany Barbehenn and Doel Santos and Brad Duncan}, title = {{Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector}}, date = {2020-10-29}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/ryuk-ransomware/}, language = {English}, urldate = {2020-11-02} } Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
Anchor BazarBackdoor Ryuk TrickBot