First published: 12 Nov 2020
Last updated: 12 Nov 2020

Content written for

Small & medium business
Large organisations & infrastructure
Government

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).

SDBBot is comprised of 3 components; an installer which establishes persistence, a loader which downloads additional components, and the RAT itself. Once installed, malicious actors will use SDBBot to move laterally within a network and exfiltrate data. SDBBot is a known precursor of the Clop ransomware.

While the recently observed activity is targeting the health sector, the ASD’s ACSC recommends that all network owners review their controls against ransomware as per ASD’s ACSC publication Ransomware in Australia.

Was this helpful?
Yes this was helpful
No this was not helpful

Thanks for your feedback!

We welcome additional feedback below.

Was this information easy to understand?
Will you take action after reading this?
Did you find the information you were looking for?
Did the design and layout of this page meet your expectations?