From hand to hand: how the code bought on the forum paralyzed the work of hospitals

Vanilla Tempest is testing the new acquisition in US clinics.

Microsoft reports that the Vanilla Tempest hacking group has started targeting healthcare organizations in the United States using the INC Ransom ransomware.

INC Ransom operates under the Ransomware-as-a-Service (RaaS) model, and the group's partners have been attacking both public and private companies since July 2023. Among the known victims are Yamaha Motor Philippines, the American division of Xerox Business Solutions, as well as the National Health Service of Scotland (NHS).

In May 2024, an attacker under the pseudonym "salfetka" offered the ransomware's source code for Windows and Linux/ESXi for $300,000 on the hacker forums Exploit and XSS.

Microsoft analysts first recorded how Vanilla Tempest used INC Ransom to attack the US healthcare sector. During the attack, Vanilla Tempest gained access to the network through the Storm-0494 group, which had infected the victim's systems with the Gootloader malware loader. Once inside, the hackers deployed the Supper backdoor along with the legitimate AnyDesk remote monitoring tool and the MEGA data syncing tool. The cybercriminals then distributed the ransomware across the network using the Remote Desktop Protocol (RDP) and the Windows Management Instrumentation Provider Host management tools.

Although Microsoft did not name the affected organization, it is known that a similar version of the ransomware was used in a cyberattack on McLaren Health Care hospitals in Michigan in August. At that time, the cyberattack led to failures in IT systems and telephone lines, as well as to the loss of access to databases containing patient information. Because of this, the medical institution was forced to postpone a number of planned appointments and procedures.

Vanilla Tempest has been active since June 2021. It was previously known as DEV-0832 and Vice Society. The group often attacks sectors such as education, healthcare, IT, and industry using a variety of ransomware, including BlackCat, Quantum Locker, Zeppelin, and Rhysida. Last year, researchers from CheckPoint linked Vice Society to the Rhysida gang, which also specializes in attacks on medical facilities.
