Foreign APT Threat Groups Target Healthcare And Essential Services
Published: August 1, 2020 in our Security Fraud News & Alerts Newsletter.
During this time of the coronavirus pandemic, APT (advanced persistent threat) groups are particularly targeting healthcare, pharmaceutical, and research organizations. APT attacks are not the typical “smash and grab” data hacks we often see reported in the media. These attacks can take months or even years to target their victims. APT groups are sponsored by nation-states such as Russia, China, Iran, and others to steal data, disrupt operations, and destroy the infrastructure of other nations, such as the U.S. and the UK.
In response to the APT coronavirus threats, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) issued a joint advisory about the ongoing APT threats. The advisory, “APT Groups Target Healthcare and Essential Services,” reports that APT groups continue to exploit the ongoing pandemic. It also describes the methods these groups use to successfully target critical organizations involved in research for both national and international responses, including healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments. APT groups know that’s where the coronavirus data lives, and that’s exactly what they’re after.
By far, the most popular weapon APT groups use to enter data systems is called “password spraying.”
Very much like credential stuffing, password spraying is a type of brute force attack. Bad actors pummel data systems with a series of passwords until a match is finally found. Reusing passwords, especially those that are more common than others, can give APTs easier access to data and to other accounts where the same password is reused. Password spraying can also find inroads to email accounts, giving APTs the ammunition to hack emails for targeted phishing attacks.
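A defender's view of this pattern, as an added example that is not part of the original newsletter or the CISA/NCSC advisory: the Python below scans login events and flags any source that fails against many different accounts in a short window, then lists accounts that logged in successfully from that source. The log format, thresholds, account names, and IP addresses are all constructed assumptions, and the detector assumes spraying shows up as one source trying only a few passwords per account across many accounts.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, source IP, account, result.
SAMPLE_LOG = """\
2020-08-01T09:00:00 198.51.100.7 alice FAIL
2020-08-01T09:01:00 198.51.100.7 bob FAIL
2020-08-01T09:02:00 198.51.100.7 carol FAIL
2020-08-01T09:03:00 198.51.100.7 dave FAIL
2020-08-01T09:04:00 198.51.100.7 erin FAIL
2020-08-01T09:05:00 198.51.100.7 frank OK
2020-08-01T09:00:00 203.0.113.9 alice FAIL
2020-08-01T09:00:20 203.0.113.9 alice FAIL
2020-08-01T09:00:40 203.0.113.9 alice FAIL
2020-08-01T09:01:00 203.0.113.9 alice OK
"""

def parse(log):
    """Turn 'time source account result' lines into sorted event tuples."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(t), s, u, r == "OK") for t, s, u, r in rows)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Map each spraying source to the accounts it failed against.

    A source is flagged when, inside one sliding window, its failed logins
    cover at least min_accounts distinct accounts and no single account has
    more than max_per_account failures (that would be single-account guessing).
    """
    fails = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            fails[src].append((ts, user))
    flagged = defaultdict(set)
    for src, items in fails.items():
        start = 0
        for end, (ts, _) in enumerate(items):
            while ts - items[start][0] > window:  # slide the window forward
                start += 1
            counts = Counter(user for _, user in items[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[src].update(counts)
    return {src: sorted(users) for src, users in flagged.items()}

def successes_from(events, sources):
    """Accounts that logged in successfully from a flagged source: reset these first."""
    return sorted({user for _, src, user, ok in events if ok and src in sources})
```

In the constructed sample, the second source is not flagged because all of its failures hit a single account; the thresholds would need tuning against an organization's normal failed-login rate.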
With healthcare and essential services like pharmaceutical companies working overtime to understand more about the virus and the search for a cure, APT groups set their sights on stealing any data they can about coronavirus. Ultimately, the goal of these groups is to bring the data they’ve hijacked back to the nation-state that’s backing them.
The lesson learned about these attacks is that most start with password spraying, which any hacker, not just APTs, can do on their own. The success of APT groups and many other hackers comes down to poor password use and reuse. Make sure passwords are extra-long, with combinations of letters, numbers, and symbols in random order. Don’t use common words or phrases or personal information within the passwords. If you can’t remember them, it’s completely understandable. Write them down on an old-fashioned piece of paper and store them separately from your computer or mobile devices. Storing them in password managers is another way to make sure you can find them. Just remember that if the master password for your password manager is breached, so are all of your other passwords. And finally, always use unique credentials for each and every online account.
If nothing else, an attacker will get frustrated with a difficult password and likely move on to others that are easier to crack.