Kaspersky Lab has discovered a new way in which the PlugX malware is being used by Chinese advanced persistent threat (APT) actors — to target pharmaceutical facilities in Vietnam.
According to a report in Infosecurity, a Chinese APT actor has been found targeting Vietnamese pharma companies with the PlugX malware to steal drug formulas and business information.
PlugX is a remote access trojan (RAT) that lets hackers perform malicious operations such as copying or modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity, without the user’s permission or authorisation. According to Kaspersky Lab, PlugX is being used against the healthcare sector because a lot of healthcare data is now moving from paper to digital format within medical organisations.
“While the security of the network infrastructure of this sector is sometimes neglected, the hunt by APTs for information on advancements in drug and equipment innovation is truly worrying. Detections of PlugX malware in pharmaceutical organisations demonstrate yet another battle that we need to fight – and win – against cybercriminals,” said Yury Namestnikov, a security researcher at Kaspersky Lab.
According to the report, PlugX malware has previously been seen in targeted attacks on military, government or political organisations. It is spread through spear phishing. Some of the Chinese APTs which are notorious for using the PlugX malware include Deep Panda, NetTraveler and Winnti. In 2013, Winnti was responsible for attacking companies in the online gaming industry, and it was found to have been using PlugX since May 2012. Winnti’s name has surfaced in the attacks against pharma companies as well.
According to Kaspersky Lab, “Philippines, Venezuela and Thailand topped the list of countries with attacked devices in medical organisations.”
Published Date: Mar 16, 2018 15:41 PM | Updated Date: Mar 16, 2018 15:41 PM