SDBBot targeting health sector

The ACSC has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).
Alert status
HIGH

The ACSC has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).

SDBBot is comprised of 3 components; an installer which establishes persistence, a loader which downloads additional components, and the RAT itself. Once installed, malicious actors will use SDBBot to move laterally within a network and exfiltrate data. SDBBot is a known precursor of the Clop ransomware.

While the recently observed activity is targeting the health sector, the ACSC recommends that all network owners review their controls against ransomware as per ACSC’s publication Ransomware in Australia.

Content complexity
Moderate
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?

Thanks for your feedback!

 
Optional

Tell us why this information was helpful and we’ll work on making more pages like it

Icon for ReportReport a cyber security incident for critical infrastructure Icon for becoming a alertsGet alerts on new threatsAlert Service Become anACSC partner Icon for reportingReport a cybercrime or cyber security incident
Acknowledgement of Country icon
Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.
Authorised by the Australian Government, Canberra