A Chinese APT actor has been found to be targetting Vietnamese pharma companies with the PlugX malware to steal drug formulas and business information.
Kaspersky Lab has discovered a new way in which the PlugX malware is being used by Chinese advanced persistent threat (APT) actors — to target pharmaceutical facilities in Vietnam. [caption id=“attachment_4319829” align=“alignleft” width=“380”]![Representative Image]()
Representative Image[/caption] According to a report in infosecurity, a
Chinese APT actor has been found to be targetting Vietnamese pharma companies with the PlugX malware to steal drug formulas and business information. PlugX is a remote access trojan (RAT) that lets hackers perform malicious operations such as copying or modifying files, logging keystrokes, stealing passwords and capturing screenshots of user activity, without the user’s permission or authorisation. According to
**Kaspersky Labs** , the use of PlugX to attack the healthcare sector is due to the fact that a lot of healthcare data is now moving from paper to the digital format within the medical organisations. “While the security of the network infrastructure of this sector is sometimes neglected, the hunt by APTs for information on advancements in drug and equipment innovation is truly worrying. Detections of PlugX malware in pharmaceutical organisations demonstrate yet another battle that we need to fight – and win – against cybercriminals,” said Yury Namestnikov, a security researcher at Kaspersky Lab. According to the report, PlugX malware has previously been seen with targetted attacks on military, government or political organisations. It is spread through
spear phishing. Some of the Chinese APTs which are notorious for using the PlugX malware include Deep Panda, NetTraveler and Winnti. In 2013, Winnti was responsible for attacking companies in the online gaming industry and it was found to be using PlugX since May 2012. Winnti’s name has surfaced in the attacks against pharma companies as well. According to Kaspersky Lab, “Philippines, Venezuela and Thailand topped the list of countries with attacked devices in medical organisations.”
 "Chinese advanced persistent threat actor found attacking pharma companies using the PlugX malware")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
