Orangeworm

Orangeworm is a threat actor first identified in January 2015, known for its targeted attacks against organizations in the healthcare sector across the U.S., Europe, and Asia. These attacks are often part of a broader supply-chain attack strategy aimed at reaching their intended victims. The group deploys a custom backdoor called Trojan.Kwampirs, which provides them with remote access to the compromised computer systems. Notably, Orangeworm has shown interest in machines used for assisting patients in completing consent forms for required procedures. Despite its significant activity over several years, Orangeworm does not bear any hallmarks of a state-sponsored actor and is likely the work of an individual or a small group. The primary targets of Orangeworm's cyberattacks are large international corporations operating within the healthcare sector. However, the group has also targeted secondary industries such as Manufacturing, Information Technology, Agriculture, and Logistics. The largest number of Orangeworm's victims are located in the U.S., accounting for 17 percent of the infection rate by region. This suggests a strategic focus on this geographical area, although the reasons behind this preference remain unclear. Despite the threats posed by Orangeworm, customers with Intelligence Services or WebFilter-enabled products are protected against activities associated with this group. This highlights the importance of robust cybersecurity measures in mitigating the risks associated with such threat actors. Moving forward, organizations in the targeted sectors should remain vigilant about potential cyber threats and ensure they have adequate security protocols in place to protect their systems and data.