HC3 Analyst Note TLP White - SDBBot Malware threat to US Healthcare Organizations

The Australian Cyber Security Center (ACSC) published an alert on November 12 related to two malware variants – Clop (ransomware) and SDBBot, a remote access trojan (RAT), noting that they have recently been used together by one or more cybercriminal groups to target Australian healthcare organizations. HC3 has historically observed that the targeting of healthcare organizations often crosses international borders. Furthermore, the threat actor believed to utilize Clop and SDBBot has targeted American healthcare previously, including in a campaign that used the Coronavirus as a phishing theme. As such, HC3 believes the US healthcare community faces an elevated threat of being targeted by both Clop and SDBBot. This report will analyze and recommend defensive measures for SDBBot and will be released along with a companion report addressing Clop ransomware.