Cybersecurity firm Kaspersky Lab’s researchers have discovered evidence of an emerging and alarming trend in which more advanced cyber criminals are turning their attention to the healthcare sector. The famous PlugX malware has been detected in pharmaceutical organizations in Vietnam, aimed at stealing precious drug formulas and business information.
PlugX malware is a well-known remote access tool (RAT), which usually spread via spear phishing and has previously been detected in targeted attacks against the military, government and political organizations.
The RAT has been used by a number of Chinese-speaking cyber threat actors, including Deep Panda, NetTraveler or Winnti. In 2013, it was discovered that the latter - responsible for attacking companies in the online gaming industry - had been using PlugX since May 2012. Interestingly, Winnti has also been present in attacks against pharmaceutical companies, where the aim has been to steal digital certificates from medical equipment and software manufacturers.
PlugX allows attackers to perform various malicious operations on a system without the user’s permission or authorization, including - but not limited to - copying and modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity. PlugX, as with other RATs, is used by cyber criminals to discreetly steal and collect sensitive or profitable information for malicious purposes.
RAT usage in attacks against pharmaceutical organizations indicates that sophisticated APT actors are showing an increased interest in capitalizing on the healthcare sector.
Kaspersky also shared couple of findings from 2017 research regarding attacks on the healthcare sector. According to the firm, more than 60% of medical organizations had malware on their servers or computers while the Philippines, Venezuela and Thailand topped the list of countries with attacked devices in medical organizations.