HC3 Analyst Note TLP White - SDBBot Malware threat to US Healthcare Organizations
The Australian Cyber Security Center (ACSC) published an alert on November 12 related to two malware variants – Clop (ransomware) and SDBBot, a remote access trojan (RAT), noting that they together have recently been used by one or more cybercriminal groups to target Australian healthcare organizations. HC3 has historically observed the targeting of healthcare organizations often crossing international borders. Furthermore, the threat actor believed to utilize Clop and SDBBot has targeted American healthcare previously, including a campaign using the Coronavirus as a phishing theme. As such, HC3 believes the US healthcare community are at al elevated threat of being targeted by both Clop and SDBBot. This report will analyze and recommend defensive measures for SDBBot and will be released along with a companion report addressing Clop ransomware