Threats Tagged 'healthcare'
View all threats tagged with 'healthcare'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'healthcare'
Click on any threat for detailed analysis and mitigation recommendations
New Dohdoor malware campaign targets education and health care 0 A malicious campaign by threat actor UAT-10027 has been targeting education and healthcare sectors in the United States since December 2025. The campaign utilizes a new backdoor called Dohdoor, which employs DNS-over-HTTPS for stealthy command-and-control communications and can download and execute payloads reflectively. The multi-stage attack chain likely begins with phishing emails, followed by PowerShell scripts, batch files, and DLL sideloading techniques. Dohdoor uses various evasion methods, including API obfuscation, encrypted communications, and EDR bypasses. The campaign's infrastructure leverages Cloudflare services for stealth. While some techniques overlap with North Korean APT groups, the targeting differs from their typical focus. Join the discussion | AlienVault OTX General | 02/27/2026, 09:32:11 UTC Added: 02/27/2026, 10:10:15 UTC |
North Korean Lazarus Group Now Working With Medusa Ransomware 0 North Korean state-backed attackers are utilizing Medusa ransomware in their ongoing extortion attacks against the U.S. healthcare sector. The Symantec and Carbon Black Threat Hunter Team discovered evidence of North Korean actors employing Medusa in an attack on a Middle Eastern target and an unsuccessful attempt on a U.S. healthcare organization. Medusa, launched in 2023, operates as a ransomware-as-a-service. The Lazarus sub-group Stonefly has been a key player in North Korean ransomware attacks, using proceeds to fund espionage activities. Despite indictments and rewards, the attacks continue unabated. The current campaign employs various tools, including Comebacker, Blindingcan, ChromeStealer, and RP_Proxy. While the attacks bear similarities to previous Stonefly operations, the exact sub-group responsible remains unclear. Join the discussion | AlienVault OTX General | 02/24/2026, 12:40:36 UTC Added: 02/24/2026, 20:46:17 UTC |
Threat Profile: Conti Ransomware Group 0 Conti, a notorious ransomware operation identified in 2019, quickly gained infamy for its advanced encryption, rapid lateral movement, and double extortion tactics. Operated by the Russia-based Wizard Spider group, Conti evolved from Ryuk ransomware and maintained suspected ties to Russian state interests. Between 2019 and 2022, Conti targeted healthcare providers, governments, educational institutions, critical infrastructure, and private businesses, earning an estimated $180 million in 2021. Their aggressive tactics highlighted the urgent need for strong cybersecurity defenses. In 2022, internal divisions arose following leaked private chats. Conti's operations mimicked legitimate businesses, showcasing the industrialization of cybercrime and its devastating impact on critical sectors. Join the discussion | AlienVault OTX General | 09/30/2025, 05:15:39 UTC Added: 09/30/2025, 08:24:41 UTC |
Showing 1 to 3 of 3 results