Yet another hacker crew has been battering the healthcare industry in recent months.
But rather than just aim for the PCs, it has also gotten footholds on the computers controlling X-Ray, MRI and other medical machines, according to a report from Symantec on Thursday.
The hacker group, dubbed Orangeworm, is mainly targeting American healthcare organizations, though there are a number of victims worldwide, including in Asia and Europe. But rather than do anything destructive, Orangeworm is likely using its foothold on those medical devices - designed to process and view images from X-Ray and MRI machines - to learn more about them as part of an ongoing corporate espionage operation, Symantec said.
"Due to the fact that the attacks attempted to keep infections active for long periods of time on these devices, it's more likely the group are interested in learning how these devices operate. We have not collected any evidence to suggest the attackers have planned to perform any sabotage type activities at this time," said Alan Neville, Symantec researcher.
That's not to say the attackers couldn't carry out more aggressive attacks. Once they've successfully infected a computer with their malware, called Kwampirs, "the attackers have the ability to extend the malware’s functionality by downloading and executing additional modules in memory," Neville added. "These modules may be customized to the victim’s environment to assist the attackers in performing any desirable action on these devices," he said. Adding to the intrigue, Orangeworm also showed an interest in "machines used to assist patients in completing consent forms for required procedures," Symantec wrote.
But Orangeworm hasn't just targeted healthcare. Secondary targets included manufacturing, information technology, agriculture and logistics. Many had links to the healthcare industry, Symantec added. The hackers have also been remarkably targeted, with victims in the tens across 2016 and 2017.
The researchers haven't been able to track down Orangeworm's nationality. And, though such espionage might appear to be the work of a government, Symantec said it was unlikely. "While Orangeworm is known to have been active for at least several years, we do not believe that the group bears any hallmarks of a state-sponsored actor—it is likely the work of an individual or a small group of individuals. There are currently no technical or operational indicators to ascertain the origin of the group," the company wrote in a blog post Monday.
This isn't the first time hackers have found their way onto medical devices. Back when the WannaCry ransomware hit hospitals across the world, it found its way onto Bayer Medrad radiology equipment. And cybersecurity researchers have long warned about the vulnerability of medical machines, with even pacemakers and insulin pumps easily prised open by researchers. But now, with Orangeworm, it's clear such tech is actively being targeted by surreptitious hackers.