In a recent incident at a healthcare institution in Europe, the Check Point Incident Response Team (CPIRT) uncovered a disturbing malware attack. This incident shed light on the activities of Camaro Dragon, a Chinese-based espionage threat actor also known as Mustang Panda and LuminousMoth. While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach and highlights the alarming role USB drives play in spreading malware.

The Uninvited Guest: Malware Sneaks In Through USB Drives

The healthcare institution fell victim to malware that infiltrated their systems through an infected USB drive. This incident prompted Check Point Research (CPR) to conduct a thorough investigation, leading to the discovery of newer versions of the malware. These malicious programs possess the ability to self-propagate through USB drives, making them potent carriers of infection, even beyond their intended targets.

Patient Zero: Healthcare institution gets infected

Patient Zero in the healthcare institution infection was identified as an employee who had participated in a conference held in Asia. He had the opportunity to share his presentation with fellow attendees using his USB drive. Unfortunately, one of his colleagues had a computer that was infected, so when the employee shared his USB drive with them, the drive was infected without his knowledge. Consequently, upon returning to the healthcare institution in Europe, the employee inadvertently introduced the infected USB drive, which led to the spread of the infection to the hospital’s computer systems.

This incident is an in-the-wild sighting of a set of tools described back in late 2022 in the Avast report (the toolset is labelled there as SSE), which analyzed several malicious tools staged on one of the distribution servers researchers attributed to Mustang Panda. The infection chain starts with a victim launching a malicious Delphi launcher on the infected USB flash drive, which reveals all the victim’s files (concealed when the USB drive was infected in the first place).
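The drive layout described above (a launcher in plain view while the owner's files are concealed) can be checked for when triaging a removable drive. The following is an added example, not code from Check Point or Avast. It assumes the concealment shows up as the Windows Hidden attribute on the drive's root entries, which the text does not specify, and the file names and extension list are constructed for illustration.

```python
import os
from dataclasses import dataclass

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit in st_file_attributes
# Assumption: extensions treated as "launchable" for this heuristic.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk"}
# Folders Windows itself keeps hidden on removable drives; not user content.
SYSTEM_NAMES = {"system volume information", "$recycle.bin"}

@dataclass
class Entry:
    name: str
    is_dir: bool
    hidden: bool

def list_root(path):
    """Collect root entries of a mounted drive; Hidden flag is only set on Windows."""
    entries = []
    with os.scandir(path) as it:
        for e in it:
            attrs = getattr(e.stat(follow_symlinks=False), "st_file_attributes", 0)
            entries.append(Entry(e.name, e.is_dir(follow_symlinks=False),
                                 bool(attrs & FILE_ATTRIBUTE_HIDDEN)))
    return entries

def triage(entries):
    """Flag a root where an executable is visible and user content is mostly hidden."""
    user = [e for e in entries if e.name.lower() not in SYSTEM_NAMES]
    visible_exec = [e.name for e in user if not e.is_dir and not e.hidden
                    and os.path.splitext(e.name)[1].lower() in EXECUTABLE_EXTS]
    hidden = [e.name for e in user if e.hidden]
    visible_other = [e.name for e in user
                     if not e.hidden and e.name not in visible_exec]
    suspicious = bool(visible_exec) and len(hidden) > len(visible_other)
    return {"suspicious": suspicious,
            "visible_executables": visible_exec,
            "hidden_entries": hidden}

# Constructed sample listings (not taken from the incident).
SAMPLE_INFECTED = [Entry("REMOVABLE DISK.exe", False, False),
                   Entry("slides.pptx", False, True),
                   Entry("photos", True, True),
                   Entry("System Volume Information", True, True)]
SAMPLE_CLEAN = [Entry("slides.pptx", False, False),
                Entry("setup.exe", False, False),
                Entry("System Volume Information", True, True)]

if __name__ == "__main__":
    for label, sample in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(label, triage(sample))
```

On a Windows analysis host, `triage(list_root("E:\\"))` applies the same check to a mounted drive; a positive result is a reason to image and inspect the drive, not proof of infection.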