Ransomware, Malware, Critical Infrastructure Security

European healthcare orgs targeted with NailaoLocker ransomware


Suspected Chinese cyberespionage operation Green Nailao launched intrusions spreading the novel NailaoLocker ransomware payload against European healthcare organizations during the last six months of 2024, according to The Record, a news site by cybersecurity firm Recorded Future.

After initially compromising Check Point Security Gateways by exploiting the CVE-2024-24919 vulnerability, Green Nailao delivered a stealthier variant of the ShadowPad malware and the PlugX backdoor, both of which are linked to Chinese cyberespionage groups, to facilitate the execution of NailaoLocker, a report from Orange Cyberdefense researchers revealed. Because NailaoLocker lacks sophistication, Green Nailao may have conducted the campaign only as a diversion for pilfering sensitive information from targeted systems, said researchers. "While such campaigns can sometimes be conducted opportunistically, they often allow threat groups to gain access to information systems that can be used later to conduct other offensive operations," said the report.
