HC3 Analyst Note

HC3 TLP White Analyst Note - CL0P Ransomware Poses Ongoing Risk to HPH Organizations
The French National Agency for the Security of Information Systems (ANSSI) has identified a new variant of the Ryuk ransomware that is capable of self-replicating using existing Windows processes.
Executive Summary: Microsoft released patches for four Exchange Server zero-day vulnerabilities on March 2, 2021. They are being actively and aggressively exploited by sophisticated state-sponsored threat actors who have a history of targeting healthcare organizations. Since the release of the…
Microsoft released patches for four Exchange Server zero-day vulnerabilities that are being actively exploited by sophisticated threat actors who have a history of targeting healthcare organizations with cyberattacks.
Accellion, a managed service provider focused on collaboration and secure file sharing, was recently compromised in an attack which has impacted their customers.
On December 8, 2020, a report titled Amnesia:33 developed by Forescout disclosed multiple zero-day vulnerabilities in the TCP/IP stacks impacting numerous Operational Technology (OT), Internet of Things (IoT), Building Automation Systems, and Information Technology (IT) devices.
CLOP, a ransomware variant associated with the FIN11 threat actor group and the double extortion tactic, has previously targeted several U.S. healthcare and public health (HPH) organizations.
Mandiant recently elevated a tracked threat cluster to the named threat group FIN11. Beginning in 2016 with phishing campaigns, this group has moved into double extortion ransomware operations utilizing CLOP ransomware.
In August 2020, security researchers identified a malicious email campaign impersonating a US hospital that was observed delivering a variety of information stealing trojans, including AgentTesla, Formbook, Matiex, and njRatAzorult.