ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > UNC1878

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: UNC1878

NamesUNC1878 (FireEye)
Country[Unknown]
MotivationFinancial gain
First seen2020
Description(BleepingComputer) Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree covering the healthcare industry across the U.S.
Yesterday, the U.S. government hosted an emergency call with stakeholders in the healthcare industry to alert them to an 'increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.'
Later in the day, CISA issued a joint advisory publicly warning that U.S. hospitals and healthcare providers are actively targeted in cyberattacks deploying the Ryuk ransomware.
Charles Carmakal, senior vice president and CTO of Mandiant, told BleepingComputer that an Eastern European hacking group known as UNC1878 is responsible for these attacks and that they intend to attack hundreds of hospitals.
ObservedSectors: Healthcare.
Countries: USA.
Tools usedBazarBackdoor, Cobalt Strike, Ryuk.
Information<https://www.bleepingcomputer.com/news/security/brooklyn-and-vermont-hospitals-are-latest-ryuk-ransomware-victims/>
<https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/>

Last change to this card: 05 January 2021

Download this actor card in PDF or JSON format

Previous: TA554
Next: UNC5537

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]