According to news report, a group of cybercriminals known as “FIN12” is expanding hacking operations and repeatedly targeting the health care industry with ransomware attacks, according to a new report by cybersecurity firm Mandiant.
As per Mandiant, 20% of all ransomware incursion it has detected over the past year has been linked to FIN12. It does not aim at stealing data for extortion, but rather prioritises quick attacks in its operations.
However, 80% of FIN12’s victims have been based in North America, with Mandiant saying that victims outside of North America in the first half of 2021 were twice as many as compared to 2019 and 2020.
Mandiant Vice President, CTO-APAC Steve Ledzian said while most of FIN12’s victims are in North America, FIN12 has victimised organisations in Asia Pacific countries including Australia, Indonesia, the Philippines, and South Korea.
For FIN12, hospitals and clinics are frequently the target. Nearly 20% of the group’s victims are part of the healthcare industry and are responsible for several attacks on the healthcare system.
They focus heavily on high-revenue victims. This is concerning for enterprises globally as the threat actors seem to be advancing into larger teams as well as are getting more efficient in operations.