Analysis: 'Orangeworm' Attacks Appear to Involve Espionage

Symantec Researcher Jon DiMaggio Analyzes Group's Attacks on the Healthcare Sector
Jon DiMaggio, senior threat intelligence analyst, Symantec

Corporate espionage appears to be the motive behind cyberattacks targeting a variety of medical-related equipment and systems - ranging from MRI equipment to pharmaceutical bottle labeling systems, says researcher Jon DiMaggio of security vendor Symantec, which has been tracking activities of a hacker group the company has dubbed "Orangeworm." (See Symantec: 'Orangeworm' Group Hits Healthcare Organizations.)

The attackers "were spending a large amount of time on a lot of the technology-based devices" within the healthcare sector entities targeted, DiMaggio says in an in-depth interview with Information Security Media Group about Orangeworm.

"So, one theory that we have is that they're doing this because they want to understand how these systems work ... They want to learn the software.

"As far as what they're actually exfiltrating, that's different from organization to organization. But one of the things that's clear is that they're not stealing ... patient information ... for financial gain. We're not seeing that. It definitely appears to be more of a corporate espionage motivated attack ... an [intellectual property]-collection type of operation."

On Monday, Symantec disclosed it has been tracking Orangeworm for three years. The group has been targeting large healthcare sector companies in the U.S., Europe and Asia.

Orangeworm appears to infiltrate networks by taking advantage of vulnerabilities and then installing Trojan.Kwampirs backdoor malware, Symantec reports.

In terms of the type of intellectual property that appears to be targeted by the attackers, "the primary reason someone would want that would be to either mimic, or develop ... or pirate another version of that software - or to gain information for some secondary objective we haven't seen yet," DiMaggio says.

In the interview (see audio link below photo), DiMaggio also discusses:

  • Details about the attacks identified by Symantec, including the variety of systems targeted and potentially how the assaults are carried out;
  • Steps entities can take to prevent becoming an Orangeworm victim;
  • Whether the attacks pose potential safety concerns to patients.

DiMaggio is a senior threat intelligence analyst at Symantec's security response group. He has over 12 years of experience, including expertise in analyzing advanced persistent threats. DiMaggio specializes in identifying and tracking threat actors/groups and hacktivist operations against targeted organizations.
