Menlo Security researchers disclosed the potential association between purported long-time ALPHV/BlackCat ransomware gang affiliate Notchy — who took credit for the far-reaching Change Healthcare attack and alleged the ransomware operation's theft of the $22 million ransom demand — and Chinese state-sponsored threat operations, reports The Register.
Further examination of Notchy's activity revealed that the ALPHV/BlackCat affiliate may have been able to acquire the latest version of Cobalt Strike, which it has been looking for since April, and the SmartScreen Killer malware from the Exploit and XSS crime forums. However, more information on the Change Healthcare attack is needed to confirm the deployment of SmartScreen Killer, according to researchers. Such a development comes after Congress was urged by the American Health Association to offer advanced payments to hospitals, pharmacies, and other health providers that had their prescription processing activities disrupted by the intrusion. Similar calls for advanced funding have also been made by the Department of Health and Human Services.