H-ISAC TLP White Threat Bulletin Eclypsium Researchers Release Technical Details on Malicious Bootkits Oct 22, 2021

In the past several weeks, two separate bootkits have been reported publicly, FinSpy and ESPecter. These malicious tools bypass operating system security capabilities by executing first and modifying the kernel as it loads in the boot process. 

Eclypsium researchers have been tracking these bootloaders for an extended period of time, and new indicators of compromise (IOCs) have been released to specifically identify the types of attacks by these bootloaders.

The Health-ISAC Threat Operations Center is releasing these reports, which can be accessed here, for FinSpy, and here, for ESPecter, to improve the overall security and threat awareness of the Health-ISAC member community

Key Resources

Related Resources

Advisory
CrowdStrike Technology Outage Causing Global Disruption, Including Impacts on Hospitals
Letter/Comment
AHA Responds to CISA Proposed Rule on Cyber Incident Reporting Requirements
Public
Advisory
HHS Issues Alert on Critical Vulnerability in ‘MOVEit,’ File Transfer Platform Used by Health Care Sector
Public
Issue Landing Page
Support for your Cybersecurity Program
Special Bulletin
AHA Helps Secure New Cybersecurity Resources from Microsoft and Google to Assist Rural Hospitals
Public
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part Two
Public