
Microsoft: US Healthcare Sector Targeted by INC Ransomware Affiliate


Microsoft has observed the threat actor Vanilla Tempest targeting US healthcare organizations with INC ransomware.

A threat actor has been observed using the INC (Inc Ransom) ransomware in attacks targeting organizations in the US healthcare sector, Microsoft warns.

The threat actor, a financially motivated cybercrime group that Microsoft tracks as Vanilla Tempest, targets systems previously infected with the Gootloader malware, using those infections to expand its foothold on the compromised networks and deploy ransomware.

“Vanilla Tempest receives hand-offs from Gootloader infections by the threat actor Storm-0494, before deploying tools like the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) tool, and the MEGA data synchronization tool,” Microsoft revealed on X (formerly Twitter).

Next, the threat actor was seen abusing the Remote Desktop Protocol (RDP) to move laterally on the victim organization’s network, and employing the Windows Management Instrumentation (WMI) Provider Host to deploy the ransomware payload.
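One way to hunt for the tooling chain described above is to correlate process-creation events per host, since AnyDesk, MEGA and WMI Provider Host activity are each legitimate on their own. This is an added example, not code from Microsoft or the original article; the event field names, the binary image names (`AnyDesk.exe`, `MEGAsync.exe`, `WmiPrvSE.exe`), the 24-hour window and the sample events are assumptions, and RDP logons are not covered.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

# Image names are assumptions about default binary names for the tools the
# article lists; they are not indicators published by Microsoft.
TOOL_IMAGES = {"anydesk.exe": "rmm_anydesk", "megasync.exe": "mega_sync"}
WMI_HOST = "wmiprvse.exe"
REQUIRED = {"rmm_anydesk", "mega_sync", "wmi_spawned_process"}


def classify(event):
    """Return the signal a process-creation event matches, or None."""
    if basename(event["parent_image"]).lower() == WMI_HOST:
        return "wmi_spawned_process"
    return TOOL_IMAGES.get(basename(event["image"]).lower())


def hunt(events, window=timedelta(hours=24)):
    """Map host -> signal hits, for hosts showing all REQUIRED signals within
    `window`. Any single signal is ordinary admin activity on its own."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        signal = classify(ev)
        if signal:
            by_host.setdefault(ev["host"], []).append((ev["time"], signal, ev["image"]))
    findings = {}
    for host, hits in by_host.items():
        for i, (start, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - start <= window]
            if {h[1] for h in in_window} == REQUIRED:
                findings[host] = in_window
                break
    return findings


def make_event(host, ts, image, parent):
    return {"host": host, "time": datetime.fromisoformat(ts), "image": image, "parent_image": parent}

# Constructed sample events (hosts, times and paths are made up).
SAMPLE_EVENTS = [
    make_event("WS-014", "2024-01-10T09:00:00", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", r"C:\Windows\explorer.exe"),
    make_event("SRV-09", "2024-01-10T03:00:00", r"C:\Windows\System32\cscript.exe", r"C:\Windows\System32\wbem\WmiPrvSE.exe"),
    make_event("FS-01", "2024-01-10T01:10:00", r"C:\ProgramData\AnyDesk\AnyDesk.exe", r"C:\Windows\System32\cmd.exe"),
    make_event("FS-01", "2024-01-10T01:40:00", r"C:\Users\svc\AppData\Local\MEGAsync\MEGAsync.exe", r"C:\Windows\System32\cmd.exe"),
    make_event("FS-01", "2024-01-10T02:05:00", r"C:\Windows\Temp\sample.exe", r"C:\Windows\System32\wbem\WmiPrvSE.exe"),
    make_event("DB-02", "2024-01-02T08:00:00", r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe", r"C:\Windows\explorer.exe"),
    make_event("DB-02", "2024-01-05T08:00:00", r"C:\Users\dba\AppData\Local\MEGAsync\MEGAsync.exe", r"C:\Windows\explorer.exe"),
    make_event("DB-02", "2024-01-09T08:00:00", r"C:\Windows\System32\cscript.exe", r"C:\Windows\System32\wbem\WmiPrvSE.exe"),
]
```

With the default window, `hunt(SAMPLE_EVENTS)` reports only `FS-01`; hosts that show a single signal, or the same signals spread over a week, are left out.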

Vanilla ...


Copyright of this story solely belongs to SecurityWeek.