Orangeworm

Threat Actor Profile
Orangeworm is a threat actor first identified in January 2015, known for targeted attacks against organizations in the healthcare sector across the U.S., Europe, and Asia. These attacks are often one stage of a broader supply-chain strategy aimed at reaching the group's intended victims. The group deploys a custom backdoor, Trojan.Kwampirs, which gives it remote access to compromised systems. Notably, Orangeworm has shown interest in machines used to help patients complete consent forms for required procedures.

Despite significant activity over several years, Orangeworm bears none of the hallmarks of a state-sponsored actor and is likely the work of an individual or a small group.

Its primary targets are large international corporations operating in the healthcare sector, but the group has also targeted secondary industries such as manufacturing, information technology, agriculture, and logistics. The largest share of Orangeworm's victims are located in the U.S., which accounts for 17 percent of infections by region. This suggests a strategic focus on that geography, although the reasons behind the preference remain unclear.

Customers with Intelligence Services or WebFilter-enabled products are protected against activities associated with this group, which underlines the importance of robust security controls in mitigating the risk posed by such actors. Organizations in the targeted sectors should remain vigilant about potential threats and ensure they have adequate security protocols in place to protect their systems and data.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Symantec
State Sponso...
Backdoor
Healthcare
Associated Malware
Kwampirs (Type: Unspecified; Votes: 1): Kwampirs is a type of malware, specifically a custom backdoor, that has primarily targeted large healthcare sector firms across the U.S., Europe, and Asia. The malware was discovered on machines running software used to control high-tech imaging devices such as X-Ray and MRI machines, indicati
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Orangeworm threat actor was read from the document corpus below.
Source: MITRE (created a year ago). Title: New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia