Symantec Warns of Cyber Threat From ‘Orangeworm’ Group

Symantec has identified a group conducting cyberattacks that target computers used to control high-tech imaging devices.

The Orangeworm group conducted targeted attacks on organizations across the supply chain but almost 40 percent of the group’s targets were in the healthcare sector, including hospitals, drugmakers and IT solution providers.

The Kwampirs malware was found on machines that use software to control imaging devices such as X-ray and MRI machines.

The hackers gain access using a “backdoor” method that is better-suited to older operating systems such as Windows XP. Symantec believes the healthcare industry is particularly vulnerable due to the common use of such older systems within the sector.

The largest group of victims is U.S.-based, but the number of victims who operate large international corporations have led to cyber infections in multiple countries, including India, Saudi Arabia and the Philippines. The hacker group collects information about compromised computers and then uses the data to determine whether the victim is a high-value target.

“We believe that these industries have also been targeted as part of a larger supply-chain attack in order for Orangeworm to get access to their intended victims related to healthcare,” Symantec said.

“Orangeworm’s secondary targets include manufacturing, information technology, agriculture, and logistics. While these industries may appear to be unrelated, we found them to have multiple links to healthcare, such as large manufacturers that produce medical imaging devices sold directly into healthcare firms, IT organizations that provide support services to medical clinics, and logistical organizations that deliver healthcare products.”

Symantec believes Orangeworm is not state-sponsored but likely an individual or a small group of individuals and notes there are currently “no technical or operational indicators” to identify the group’s origin. — Zack Budryk