Summary: A newly identified threat activity cluster, codenamed Green Nailao, targeted European healthcare organizations using the PlugX and ShadowPad malware to eventually deploy the NailaoLocker ransomware. Exploiting a recently patched vulnerability in Check Point network gateway products, attackers performed lateral movement and data exfiltration before executing ransomware. This campaign appears to be linked to Chinese-aligned threat actors, leveraging sophisticated techniques for espionage and profit-making via ransomware.
Affected: European healthcare organizations
Key points:
- Deployment of PlugX and ShadowPad facilitated by DLL search-order hijacking.
- Exploitation of a Check Point security flaw (CVE-2024-24919, CVSS score: 7.5) provided initial access to the targeted networks.
- NailaoLocker ransomware encrypts files with a ".locked" extension and demands ransom payments in Bitcoin.
- Activity linked to Chinese threat actors through specific techniques and malware associations.
- NailaoLocker exhibits poor design, lacking key ransomware functionalities like network scanning or process interruption.
Source: https://thehackernews.com/2025/02/chinese-linked-attackers-exploit-check.html