According to a recent Microsoft alert, a financially motivated threat actor has been observed using a new INC ransomware strain to target the health sector in the United States (US). Threat intelligence teams are tracking this threat actor under the name Vanilla Tempest, previously known as DEV-0832 and Vice Society. According to the Microsoft alert, the recent cyberattacks on the US healthcare sector are the first time this threat actor has used the INC Ransom tool.
Media reports on the Microsoft alert claim that such threat actor groups also rely on Azure Storage Explorer and AzCopy to extract sensitive data while attempting to evade detection. Based on the threat actor's activity as Vice Society, the group is believed to use already existing lockers for its attacks rather than developing a custom version. Afterward, the threat actors use the Windows Management Instrumentation (WMI) Provider Host to deploy the ransomware payload.
Since 2021, the threat actor has built a reputation for targeting different sectors, including education, healthcare, IT, and manufacturing. Those keen on ensuring recovery and protection against such online threats should know that the INC ransomware mentioned in the Microsoft alert is a ransomware-as-a-service (RaaS). It was revealed that the attacks conducted by that group also targeted the healthcare sector, aiming to sell patient data acquired from Lurie Children's Hospital in Chicago.
The rise of Vanilla Tempest and the deployment of INC ransomware against US healthcare highlight the ongoing cyber threats facing critical sectors. Organizations must stay vigilant, adopt robust cybersecurity measures, and closely monitor the evolving tactics used by these threat actors to mitigate potential damage.
In this article, we’ll dive into the details and determine who the threat actor is and how such attacks are carried out.
This Cyber News was published on securityboulevard.com. Publication date: Wed, 02 Oct 2024 08:13:10 +0000