Infamous PlugX malware detected in Vietnam steals valuable drug patents and commercial information
ITIS -By BitMAT editorial staff – 03/19/2018
Kaspersky Lab has found an APT group [ed: advanced persistent threat] that spied on pharmaceutical companies. The trend is alarming: more and more criminal groups are turning their attention to cyber attacks against companies in the healthcare sector.
Not surprisingly, the infamous PlugX malware was detected in pharmaceutical organizations in Vietnam, with the aim of stealing valuable drug patents and business information.
It is a popular remote access tool (RAT), usually spread via spear phishing and previously detected in targeted attacks against military, government and political organizations. The RAT has been used by a number of Chinese-speaking cybercriminal groups, including Deep Panda, NetTraveler and Winnti. In 2013 it was discovered that the latter was responsible for attacks on companies in the online gaming sector and that it had been using PlugX since May 2012. Interestingly, Winnti was also responsible for attacks on pharmaceutical companies, where the goal was to steal digital certificates from medical equipment and software manufacturers.
The PlugX RAT allows attackers to perform various malicious operations on a system without user consent or permission, including, for example, copying and modifying files, logging keystrokes, stealing passwords, and capturing screenshots of user activity.
PlugX, like other RATs, is used by cyber criminals to secretly steal and harvest sensitive or profitable information for malicious purposes.
The use of RATs in attacks against pharmaceutical organizations indicates a growing interest by APT groups in the healthcare sector.
Note:
APT: advanced persistent threat, undetected access to a network for a long period of time. The intention of an APT attack is to steal data, rather than cause damage to the network or organization. APT attacks target high-value information in sectors such as national defense, manufacturing and the financial industry.
RAT (Remote Access Tool): a software tool that allows a remote device to control a system as if it had physical access to the system. While desktop sharing and remote administration have many legal uses, “RAT” software is usually associated with unauthorized or malicious activity.
PlugX is a remote access tool (RAT) malware that uses modular plugins. It has been used by multiple threat groups.
Malware, short for malicious software, means any computer program used to disrupt computer operations, steal sensitive information, access private computer systems, or display unwanted advertising.
Spear phishing is an email or electronic communication addressed to a specific individual, organization or company that leads the unwitting recipient to a bogus website filled with malware. While such attacks are often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a specific user's computer.