Executive Summary
Multiple ransomware families have been used to target the healthcare vertical in the past year. In this report, we cover recently reported attacks on the healthcare vertical leveraging Maui and Quantum ransomware families.
Recent Ransomware Threats to Healthcare
Jul 21, 2022 10:27:35 AM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, Ransomware, Iran, IcedID, Healthcare, Maui, Quantum, Hospital
Lazarus Group Targets Crypto With TraderTraitor
Apr 25, 2022 8:26:42 AM / by PolySwarm Tech Team posted in Threat Bulletin, North Korea, Lazarus Group, TraderTraitor, Cryptocurrency
Background
CISA, FBI, and the US Treasury Department recently released a joint advisory on TraderTraitor, a Lazarus group campaign targeting blockchain companies.
PolySwarm Threat Bulletin: Lazarus APT’s LolZarus Campaign Targets Defense Contractor
Feb 14, 2022 11:18:26 AM / by PolySwarm Team posted in Threat Bulletin, Lazarus, LolZarus, APT, North Korea, LoLbins, Defense Vertical
Background
Qualys Threat Research recently reported on a new Lazarus espionage campaign leveraging employment phishing emails to target the defense sector, primarily targeting those applying for a job at Lockheed Martin. The targeting is similar to previous Lazarus campaigns which targeted Northrop Grumman and BAE Systems. Qualys refers to the current campaign as LolZarus due to the threat actor group’s use of LoLbins in some of the samples, which according to Qualys is the first known use of LoLbins by a well-known threat actor group.