NEW MALWARE THREAT ‘RESOLVERRAT’ CREATES SECURITY PANIC - NETWRIX COMMENTS
April 2025 by Dirk Schrader, Field CISO EMEA and VP of Security Research at Netwrix
A remote access trojan (RAT) called ‘ResolverRAT’ is being used against a number of organisations with recent attacks focusing on the healthcare and pharmaceutical sectors. This new threat is particularly concerning as it operates stealthily, abusing .NET ‘ResourceResolve’ events to load malicious assemblies without being flagged as suspicious.
The malware has been observed in phishing attacks written in Italian, Czech, Hindi, Turkish, Portuguese, and Indonesian, which has prompted fears that this global operation could be expanded to include more countries.
Dirk Schrader, Field CISO EMEA and VP of Security Research at Netwrix shared the following comments:
“Organised malware attacks targeting the healthcare sector and pharma companies strongly suggest that the APT group leveraging ResolverRAT has identified how to exploit a systemic vulnerability specific to this industry. These sectors are bound by complex regulations, ranging from intellectual property to data privacy to public health requirements. Threat actors take advantage of the urgency tied to any of these areas, tricking end-users into clicking malicious links and downloading infected files. These files, in turn, evade detection and pass sandbox checks, whether at the network level or on local endpoints. The way this malware infiltrates the network highlights how much effort the APT group behind it is willing to put into refining the delivery and evasion techniques.
“To tackle such threats, organisations should leverage proper privilege management controls. A user should not be allowed to install any piece of software or to run an executable. If there is a need for a new application, a defined process should be in place to allow that. Such guardrails restrict users from unintentionally jeopardising the organisation’s security, but still provide bandwidth to operate and perform their primary functions. Of course, awareness training should be in place as well, but we all know that stress and urgency are the enemy of awareness; that is why removing unnecessary privileges like local admin rights on the endpoints is one of the most effective ways to mitigate the risk of malicious installations.”
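The control described in the comment above, removing unnecessary local admin rights from endpoints, is easier to enforce when you can see who currently holds them. The following script is an added example written for this page, not Netwrix code or anything from the ResolverRAT reporting. It audits the local Administrators group of a Windows endpoint against an approved list (the list contents and the log path are assumptions) and, only when explicitly asked with `-Remediate`, removes members that are not approved. It uses the built-in `Get-LocalGroupMember` and `Remove-LocalGroupMember` cmdlets from the Microsoft.PowerShell.LocalAccounts module shipped with Windows 10 and later.

```powershell
<#
  Audit (and optionally remediate) local Administrators group membership.
  Added example for this page; the approved list and log path are assumed values.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Principals that are allowed to remain local administrators (assumed examples).
    [string[]] $ApprovedMembers = @(
        "BUILTIN\Administrators",          # placeholder; replace with your real entries
        "$env:COMPUTERNAME\Administrator",  # built-in local admin account
        "CONTOSO\Workstation Admins"       # assumed domain group
    ),
    # Where to write the audit log (assumed path).
    [string] $LogPath = "C:\ProgramData\LocalAdminAudit\audit.log",
    # Only remove members when this switch is given; default is report-only.
    [switch] $Remediate
)

# Make sure the log directory exists.
$logDir = Split-Path -Parent $LogPath
if (-not (Test-Path $logDir)) { New-Item -ItemType Directory -Path $logDir | Out-Null }

function Write-AuditLine {
    param([string] $Message)
    $line = "{0:s} {1} {2}" -f (Get-Date), $env:COMPUTERNAME, $Message
    Add-Content -Path $LogPath -Value $line
    Write-Output $line
}

# Enumerate current members of the local Administrators group.
$members = Get-LocalGroupMember -Group "Administrators"

# Compare each member against the approved list (case-insensitive).
$unapproved = foreach ($m in $members) {
    if ($ApprovedMembers -notcontains $m.Name) { $m }
}

Write-AuditLine ("Administrators group has {0} member(s); {1} not on the approved list." -f `
    $members.Count, @($unapproved).Count)

foreach ($m in $unapproved) {
    # PrincipalSource tells you whether the entry is Local, ActiveDirectory, AzureAD or MicrosoftAccount.
    Write-AuditLine ("UNAPPROVED {0} ({1}, source={2})" -f $m.Name, $m.ObjectClass, $m.PrincipalSource)

    if ($Remediate -and $PSCmdlet.ShouldProcess($m.Name, "Remove from local Administrators")) {
        Remove-LocalGroupMember -Group "Administrators" -Member $m.Name
        Write-AuditLine ("REMOVED {0}" -f $m.Name)
    }
}

# Surface the result to a caller (e.g. an RMM or scheduled task) via the exit code:
# 0 = clean, 1 = unapproved admins present and not remediated.
if (@($unapproved).Count -gt 0 -and -not $Remediate) { exit 1 } else { exit 0 }
```

Run it as `.\Audit-LocalAdmins.ps1` from an elevated session to get a report only; add `-Remediate -WhatIf` to preview removals and `-Remediate` to apply them. The exit code lets an endpoint management tool flag machines that still carry unapproved local admin rights, which is the condition the comment singles out as the most effective one to remove.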