Summary: Researchers have uncovered a hacking group, dubbed Green Nailao, targeting European healthcare organizations with spyware and ransomware, potentially linked to state-backed Chinese hackers. The campaign exploited a vulnerability in cybersecurity products, enabling unauthorized access to sensitive data. Identified malware includes ShadowPad, PlugX, and a new strain, NailaoLocker, raising questions about the motivations behind the attacks.
Affected: European healthcare organizations
Key points:
- Green Nailao exploited a security flaw (CVE-2024-24919) in Check Point’s Security Gateway to gain access to sensitive data.
- The hackers deployed ShadowPad and PlugX malware, both associated with Chinese cyberespionage groups, along with the newly discovered NailaoLocker ransomware.
- The unusual use of ransomware in conjunction with espionage raises questions about the hackers’ motives, potentially indicating a mix of profit and data theft objectives.
Source: https://therecord.media/china-linked-hackers-target-european-health-orgs