- Forescout says the Silver Fox crime group is targeting hospital patients
- The group uses trojanized medical software to install malware
- Credentials, sensitive data and cryptocurrency are then stolen
A Chinese hacking group has been observed trojanizing legitimate medical software to infect patients' computers with malware.
Forescout attributes the attacks to a group tracked as Silver Fox, Void Arachne and The Great Thief of Valley, which uses legitimate medical software such as the Philips DICOM medical image viewer to deploy the ValleyRAT remote access tool.
ValleyRAT is then used as a backdoor to deploy info-stealing malware that targets sensitive data, credentials and cryptocurrency.
Expanding horizons
As a China-based group, Silver Fox has generally targeted Chinese victims in previous attacks, but Forescout notes that the malware samples it collected show "file names mimicking healthcare applications, English-language executables and file submissions from the United States and Canada, suggesting that the group may be expanding its targeting to new regions and sectors."
How Silver Fox gets its malware onto victims' devices has not yet been determined, but Forescout notes that in previous attacks the group used phishing and SEO poisoning to deliver its malware.
Once installed, the malware establishes a connection to the attackers' command and control (C2) server using ping.exe, find.exe, cmd.exe and ipconfig.exe. It also runs PowerShell commands to hide its communication paths from Windows Defender scans.
The malware then retrieves additional payloads from the C2 server, such as an AV-killer module that looks for antivirus and endpoint protection software that could detect it and disables that software where possible. ValleyRAT is then deployed, steals information and exfiltrates it to the C2 server.
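The two behaviours described above (a program launched from a user directory driving ping.exe, cmd.exe and ipconfig.exe, and PowerShell adding a Windows Defender exclusion) are the kind of thing a detection engineer would hunt for in process-creation telemetry. The following is an added example written for this article, not Forescout's or the group's code: it runs two simple rules over constructed Sysmon-style events. The file names, PIDs and the 198.51.100.23 address are made up, and the assumption that the Defender evasion uses the Add-MpPreference cmdlet is mine, not the article's.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events (Sysmon Event ID 1 style, simplified).
# Paths, PIDs and the address 198.51.100.23 are made up for this example.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Users\u\Downloads\MediaViewerLauncher.exe"},
    {"pid": 101, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c ping -n 1 198.51.100.23"},
    {"pid": 102, "ppid": 101, "image": r"C:\Windows\System32\PING.EXE", "cmdline": "ping -n 1 198.51.100.23"},
    {"pid": 103, "ppid": 100, "image": r"C:\Windows\System32\ipconfig.exe", "cmdline": "ipconfig /all"},
    {"pid": 104, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "Add-MpPreference -ExclusionPath C:\\Users\\u\\AppData\\Roaming"'},
    {"pid": 200, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 201, "ppid": 200, "image": r"C:\Windows\System32\ipconfig.exe", "cmdline": "ipconfig /all"},
]

# Built-in binaries the article names as being used for the C2 connection.
LOLBINS = {"ping.exe", "find.exe", "cmd.exe", "ipconfig.exe"}
# Real Defender cmdlet; that this is the mechanism used here is an assumption.
DEFENDER_EXCLUSION = re.compile(r"Add-MpPreference\b.*-Exclusion(Path|Process|Extension)", re.I)
USER_WRITABLE = re.compile(r"^C:\\Users\\", re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_root(pid, by_pid):
    """Walk up past intermediate LOLBins (cmd.exe -> ping.exe) to the originating process."""
    ev = by_pid.get(pid)
    while ev and ev["ppid"] in by_pid and basename(ev["image"]) in LOLBINS:
        ev = by_pid[ev["ppid"]]
    return ev

def detect(events):
    """Return sorted (rule, pid) findings for the two behaviours described in the article."""
    by_pid = {e["pid"]: e for e in events}
    spawned = defaultdict(set)  # originating pid -> LOLBins launched beneath it
    findings = []
    for e in events:
        name, cmd = basename(e["image"]), e.get("cmdline", "")
        if name == "powershell.exe" and DEFENDER_EXCLUSION.search(cmd):
            findings.append(("defender_exclusion_added", e["pid"]))
        if name in LOLBINS:
            root = find_root(e["ppid"], by_pid)
            if root and USER_WRITABLE.match(root["image"]):
                spawned[root["pid"]].add(name)
    for root_pid, names in spawned.items():
        if len(names) >= 2:  # one ipconfig from explorer.exe is normal; a cluster is not
            findings.append(("user_dir_exe_spawned_recon_lolbins", root_pid))
    return sorted(findings)
```

The explorer.exe-launched ipconfig is deliberately left unflagged to show the rule keying on the originating process rather than the LOLBin alone.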
Forescout also notes that even though the malware targets the victim's device rather than a hospital directly, it still poses a significant risk to patients who bring infected devices into medical facilities, where it could spread across unsegmented networks and into hospital systems.
Via Therefore