
    From TechnologyDaily@1337:1/100 to All on Wed Feb 26 17:00:08 2025
    Chinese hacking group hijacks hospital computers by spoofing legitimate medical software

    Date:
    Wed, 26 Feb 2025 16:49:00 +0000

    Description:
    Patients are having their data and credentials stolen after Silver Fox group hijacks legitimate medical software to infect their devices.

    FULL STORY
    ======================================================================
    - Forescout says the Silver Fox crime group is targeting hospital patients
    - The group uses spoofed medical software to install malware
    - Credentials, sensitive data, and crypto are then stolen

    A Chinese hacking group has been spotted spoofing legitimate medical software to infect patient computers with malware.

    The attacks have been attributed by Forescout to a group tracked as Silver Fox, Void Arachne, and The Great Thief of Valley, and use legitimate medical software such as the Philips DICOM medical image viewer to deploy the ValleyRAT remote access tool.

    ValleyRAT is then used as a backdoor to deploy infostealing malware that targets sensitive data, credentials, and cryptocurrency.

    Expanding horizons

    As a China-based group, Silver Fox has typically targeted Chinese speakers in previous attacks, but Forescout notes that malware samples they have collected show filenames mimicking healthcare applications, English-language executables, and file submissions from the United States and Canada, suggest[ing] that the group may be expanding its targeting to new regions and sectors.

    How Silver Fox gets its malware onto victims' devices has not yet been determined, but Forescout notes that previous attacks have seen the group use phishing and SEO poisoning techniques to deliver its malware.

    Once installed, the malware establishes a connection with the attackers' command and control (C2) server using ping.exe, find.exe, cmd.exe, and ipconfig.exe. The malware also runs PowerShell commands to hide its communication paths from Windows Defender scans.

    The malware then retrieves additional payloads from the C2 server, such as a security-tool-sniffing component that searches the system for antivirus and endpoint protection software that could detect it and disables it where possible. ValleyRAT is then deployed, stealing information and exfiltrating it to the C2 server.
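    The two behaviours described above (a non-shell parent process spawning the ping/find/cmd/ipconfig helpers, and PowerShell being used to shield paths from Defender) are both visible in ordinary process-creation telemetry. The script below is an added detection example, not code from the article, from Forescout, or from the malware; it runs over a handful of constructed Sysmon-style events. The parent name viewer_setup.exe, the 203.0.113.10 address and the exclusion path are invented sample values, and treating "Add-MpPreference -Exclusion*" as the Defender-evasion command is this example's assumption, since the article does not name the exact PowerShell commands used.

```python
"""Added detection example for the Silver Fox / ValleyRAT behaviour described
in the article. Not the article's or Forescout's code; all events and names
below are constructed for illustration."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One simplified process-creation record (Sysmon Event ID 1 style)."""
    parent_image: str
    image: str
    command_line: str


# Helper binaries the article says the malware uses to set up its C2 channel.
C2_HELPERS = {"ping.exe", "find.exe", "cmd.exe", "ipconfig.exe"}

# Parents for which spawning those helpers is normal (interactive shells),
# so the chain rule ignores them to keep noise down.
SHELL_PARENTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "explorer.exe"}

# ASSUMPTION: "hiding communication paths from Defender scans" is modelled
# here as PowerShell adding Defender exclusions. The article does not state
# the exact commands; this regex is the example's own choice.
DEFENDER_EXCLUSION = re.compile(
    r"add-mppreference\b.*-exclusion(?:path|process|extension|ipaddress)",
    re.IGNORECASE,
)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events, min_helpers: int = 3):
    """Return (rule, parent, detail) tuples for suspicious activity.

    Rule 1, defender_exclusion: any PowerShell command line that adds a
    Defender exclusion, reported immediately with its parent.
    Rule 2, c2_helper_chain: a parent that is not an interactive shell and
    spawns at least `min_helpers` distinct binaries from C2_HELPERS.
    """
    findings = []
    children = defaultdict(set)  # parent image name -> set of child names
    for ev in events:
        parent = basename(ev.parent_image)
        child = basename(ev.image)
        children[parent].add(child)
        if child in {"powershell.exe", "pwsh.exe"} and DEFENDER_EXCLUSION.search(ev.command_line):
            findings.append(("defender_exclusion", parent, ev.command_line))
    for parent, kids in children.items():
        used = kids & C2_HELPERS
        if parent not in SHELL_PARENTS and len(used) >= min_helpers:
            findings.append(("c2_helper_chain", parent, ",".join(sorted(used))))
    return findings


# Constructed sample telemetry: a fake "viewer" installer behaving as the
# article describes, followed by two benign events for contrast.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Users\pat\Downloads\viewer_setup.exe", "viewer_setup.exe"),
    ProcEvent(r"C:\Users\pat\Downloads\viewer_setup.exe", r"C:\Windows\System32\ping.exe", "ping.exe -n 1 203.0.113.10"),
    ProcEvent(r"C:\Users\pat\Downloads\viewer_setup.exe", r"C:\Windows\System32\find.exe", 'find.exe /i "TTL="'),
    ProcEvent(r"C:\Users\pat\Downloads\viewer_setup.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c ipconfig /all"),
    ProcEvent(r"C:\Users\pat\Downloads\viewer_setup.exe", r"C:\Windows\System32\ipconfig.exe", "ipconfig.exe /all"),
    ProcEvent(r"C:\Users\pat\Downloads\viewer_setup.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'powershell.exe -w hidden -c "Add-MpPreference -ExclusionPath C:\ProgramData\upd"'),
    # Benign: an admin's interactive shell running a single network check.
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\ping.exe", "ping.exe example.internal"),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]


if __name__ == "__main__":
    for rule, parent, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:20s} parent={parent} {detail}")
```

    The chain rule deliberately keys on the parent rather than on any one helper, because ping.exe or ipconfig.exe on their own are unremarkable; it is the cluster of them under a freshly downloaded "viewer" that matches the article's description. The exclusion rule fires on the command line alone, since adding a Defender exclusion from a user-launched installer is rare enough to review every time.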

    Forescout also notes that while the malware targets the victim's device rather than a hospital directly, it still poses a significant risk for patients who take infected devices into medical facilities, where it could spread through unsecured networks and into hospital systems.

    Via TheRegister



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/chinese-hacking-group-hijacks-hospital-computers-by-spoofing-legitimate-medical-software


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)