The Australian Signals Directorate’s Australian Cyber Security Centre has identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector. We continue to see activity against the health sector similar to the increase of identified Emotet activity in Advisory 2020-17: Resumption of Emotet malware campaign.
This type of campaign is not limited to Australia, with the United States of America Cybersecurity and Infrastructure Security Agency (CISA) recently issuing a cyber security alert. This alert identifies a campaign, with Emotet and TrickBot being used to further deploy Conti or Ryuk ransomware variants. The alert also provides detection and mitigation advice.
While this campaign is targeted at the health sector, the ACSC recommends that all Australian organisations read the two documents linked above and follow their recommended mitigation advice.