Threat Group Cards: A Threat Actor Encyclopedia

Other threat group: UNC1878

Names: UNC1878 (FireEye)

Country: [Unknown]

Motivation: Financial gain

First seen: 2020

Description: (BleepingComputer) Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree covering the healthcare industry across the U.S.
Yesterday, the U.S. government hosted an emergency call with stakeholders in the healthcare industry to alert them to an 'increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.'
Later in the day, CISA issued a joint advisory publicly warning that U.S. hospitals and healthcare providers are actively targeted in cyberattacks deploying the Ryuk ransomware.
Charles Carmakal, senior vice president and CTO of Mandiant, told BleepingComputer that an Eastern European hacking group known as UNC1878 is responsible for these attacks and that they intend to attack hundreds of hospitals.

Observed: Sectors: Healthcare.
Countries: USA.

Tools used: BazarBackdoor, Cobalt Strike, Ryuk.

Information: <https://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/>
<https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/>

Last change to this card: 05 January 2021

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency