China: Chinese APTs have been targeting cancer research institutes this week. With cancer being the second leading cause of death in the world, many people are racing to discover a cure. The best way to get ahead is to steal others' advancements and build on them, and that is exactly what Chinese actors are doing. APT 41 was previously seen targeting the healthcare industry through spear-phishing campaigns. The group was also responsible for an enterprise attack on a company that owned a medical device. These attacks were carried out using spoofed domains for the theft. The group began by deploying a keylogger to steal credentials, then used them to log in to the system. APT 22 was seen launching attacks against cancer research institutions and has had a constant focus on the healthcare industry. Other China-based actors, APT 10 and APT 18, have also taken part in the healthcare attacks.
With this most recent attack on the cancer research institutes, no specific APT has been named, but the actors are likely from China. This attack, in particular, used a tailored phishing campaign that distributed the EVILNUGGET malware.