
Symantec is tracking what it believes to be a longstanding corporate espionage hacking effort against medical manufacturers.
The details: Based on the targets — all manufacturers of medical supplies or companies that served them — and the inconsistent quality of the hackers' work, Symantec believes this is private sector work beneath the level of an intelligence agency. The cybersecurity firm detailed the campaign it has dubbed "Orangeworm" in a report released Monday.
"It's not often we come across this kind of campaign being used for corporate espionage," Vikram Thakur, Symantec technical director, told Axios. Typically, targeted attacks striking a low enough volume of victims are the work of government actors.
Think pharmaceuticals, not insurance: Thakur cautions that most people's first assumption about hackers targeting health care firms is wrong — they do not appear to be targeting accounts and personal information. Instead, they appear to be looking for manufacturing techniques and intellectual property.
The impact: In 2018, the group has already attacked at least a couple of dozen targets. Symantec has tracked nearly 100 attacks since 2015.
The intrigue: The group has designed hard-to-capture hacking tools resistant to being scooped up for analysis, leaving Symantec with little to go on as it tries to profile the attacker. Symantec does not know how the hackers first breach the system.
- Though Symantec hasn't been able to retrieve all the tools used in the attack, the attackers did a substandard job hiding the fact they had been in the system. "The threat may be hard to catch, but it's noisy," Thakur said.