GBHackers News reports that healthcare delivery entities and public sector organizations have been targeted by Chinese advanced persistent threat operation Silver Fox, also known as Void Arachne, with malware attacks involving trojanized Philips DICOM Viewer software.
Intrusions commenced with spear-phishing lures delivering the trojanized Philips DICOM Viewer as an initial-stage dropper; its execution eventually retrieves encrypted configuration files and payloads disguised as image files that carry the TrueSightKiller driver, according to a Picus Security analysis. After using the TrueSightKiller driver to terminate antivirus processes and creating scheduled tasks, Silver Fox delivers additional payloads, including the ValleyRAT trojan, cryptocurrency mining malware, and a keylogger, Picus Security researchers said. Defenders facing this threat should deploy EDR and XDR tooling, enable PowerShell logging, and restrict software installation. Organizations have also been advised to adopt least-privilege access, network segmentation, and behavioral monitoring to better defend their networks.
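One check a defender can run over a suspect install or download tree for the image-disguised payloads described above, as an added example that is not from the article, GBHackers, or Picus Security: it compares the leading bytes of every image-extension file against that format's magic signature and flags files that instead begin with a PE header or with something that matches no image format at all. The extension-to-signature table and the three sample files are constructed assumptions, not artifacts from the campaign.

```python
import os
import tempfile
from pathlib import Path

# Assumed magic-byte signatures for common image extensions; extend as needed.
IMAGE_MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".bmp": [b"BM"],
}
PE_MAGIC = b"MZ"  # DOS/PE executable header


def classify_image_file(path):
    """Return 'ok', 'pe-masquerade' or 'mismatch' for an image-extension file, else None."""
    expected = IMAGE_MAGIC.get(Path(path).suffix.lower())
    if expected is None:
        return None  # extension not in the table; not checked
    with open(path, "rb") as fh:
        head = fh.read(16)
    if any(head.startswith(m) for m in expected):
        return "ok"
    if head.startswith(PE_MAGIC):
        return "pe-masquerade"  # executable hiding behind an image extension
    return "mismatch"  # not an executable, but not the claimed image format either


def scan_tree(root):
    """Walk root and return {relative path: verdict} for every image-extension file."""
    verdicts = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify_image_file(full)
            if verdict is not None:
                verdicts[os.path.relpath(full, root)] = verdict
    return verdicts


def build_sample_tree():
    """Constructed sample files: a genuine PNG header, a PE header under .jpg, a random blob under .png."""
    root = tempfile.mkdtemp(prefix="image_spoof_demo_")
    Path(root, "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    Path(root, "splash.jpg").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)
    Path(root, "thumb.png").write_bytes(b"\x00\x01\x02\x03" + b"A" * 20)
    return root


if __name__ == "__main__":
    for rel, verdict in sorted(scan_tree(build_sample_tree()).items()):
        print(f"{verdict}: {rel}")
```

Anything reported as `pe-masquerade` warrants immediate triage; `mismatch` hits may be encrypted or packed content and should be reviewed alongside process and scheduled-task telemetry from the host.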