HC3 Threat Brief: Chinese State-Sponsored Threat Actor

Sept. 28, 2022
The Health Sector Cybersecurity Coordination Center recently published a threat brief on the Chinese state-sponsored threat actor dubbed APT41, which has a history of attacking the healthcare industry.

On Sept. 22, the Health Sector Cybersecurity Coordination Center (HC3) published a threat brief on the Chinese state-sponsored threat actor APT41. Members of APT41 have been actively tracked since 2012, and APT41 has been tracked as two separate groups, depending on the operation. APT41 has a malicious history of targeting healthcare, as well as several other industries including high-tech and telecommunications, and uses methods such as spear phishing, watering holes, supply chain attacks, and backdoors.

According to the brief, APT41 has been active in one or more of 14 countries, including the U.S. Specifically regarding healthcare, the brief lists the years the industry was targeted, beginning in 2014. In 2014 and 2016, APT41 was interested in IT and medical device software, using supply chain attacks and targeting medical device information. In 2016, a biotech company was targeted for HR data, tax information, acquisition information, and clinical trial data. In 2018, the goals of the campaign were unknown. In 2019, APT41 targeted a U.S. cancer research facility with malware dubbed “EVILNUGGET” and CVE-2019-3396 was exploited.

From January through March 2020, APT41 was identified attempting to exploit Citrix, Cisco, and Zoho endpoints as part of a campaign that attempted to exploit more than 75 customers, several of them in targeted sectors in the U.S.

The brief adds that “Attempted exploitation of:

  • CVE-2019-19781: Citrix vulnerability which allows directory traversal. Gives the attacker access to areas of a system they would not normally have.
  • CVE-2020-10189: Zoho vulnerability which allows for remote code execution that can allow an attacker to deliver malware and advance malicious efforts.

Regarding the healthcare sector more recently, two zero-day attacks were used to exploit the web-based Animal Health Reporting Diagnostic System (USAHERDS) application between May 2021 and February 2022. At least six U.S. state governments were compromised, and there are potentially more unknown victims. APT41 was detected relatively quickly and removed in this case, but the system was compromised via the zero-day CVE-2021-44207 and Log4j attacks. An investigation is still ongoing.

The release adds that “Popular TTPs and Tools [include]:

  • Initial Access: Frequent use of spear phishing with malicious attachments, watering holes, and supply chain attacks
  • Establish Foothold: The group utilizes a variety of public and private malware
  • Escalate Privileges: Usually leverages custom tools to obtain credentials
  • Internal Reconnaissance: Performs internal reconnaissance using compromised credentials
  • Lateral Movement: Remote Desktop Protocol (RDP), stolen credentials, adding admin groups, and brute forcing utilities
  • Maintain Presence: APT41 relies on the use of backdoors
  • Mission Complete: Creation of a RAR archive for exfiltration and removal of evidence”
