19 October 2021

Suspected Chinese hackers reportedly hit 9 Israeli hospitals


Israel’s Ministry of Health and the National Cyber Directorate have warned of an increase in ransomware attacks that targeted at least nine hospitals and health organizations in the country in recent days.

In a joint statement, the ministry and the National Cyber Directorate did not name any specific targets but said that “early assessments and a quick response from the center and staff on the ground halted the attempts and no damage was done.”

“In recent days, the Ministry of Health and the National Cyber System have been carrying out many activities with bodies in the health sector to further strengthen the level of protection while identifying new vulnerabilities in the area that may be used for attacks,” the two authorities said.

The statement was released following a ransomware attack against the Hillel Yaffe Medical Center in Hadera that led to the shutdown of the hospital’s computer systems. The attack occurred in the early hours of Wednesday, October 13, and affected the hospital’s computer systems, forcing hospital staff to resort to logging admissions with pen and paper. However, urgent medical services continued as usual as Hillel Yaffe switched to alternate systems.

Health Ministry cybersecurity chief Reuven Eliyahu said that the ransomware attack on Hillel Yaffe Hospital was likely carried out by Chinese hackers whose motives were “purely financial.”

“This is probably a Chinese hacker group that broke away from another group and started working in August,” Eliyahu said in an interview on Army Radio. “The motive for the attack was purely financial.”

According to Israeli news outlets, the attack was attributed to DeepBlueMagic, a new ransomware strain, discovered in August 2021, which can disable security tools implemented by organizations. According to researchers at Heimdal Security, who discovered this threat, once security tools are disabled, the ransomware is deployed and encrypts entire hard drives, except for the system drive. DeepBlueMagic also uses other tools to make the recovery of the drives impossible.
