The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations” have been on the rise.

The social engineering scheme starts with a telephone call to the IT help desk

The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that has been hitting health care organizations since May of 2023. In an Analyst Note dated February 7, 2024, HC3 stated that although Akira is a relatively new ransomware group, it has attacked at least 81 organizations

On October 12, 2023, the Health Sector Cybersecurity Coordination Center (HC3) issued an Alert to the healthcare industry about a “new threat actor and ransomware,” NoEscape, which is threatening health care organizations.

According to the Alert, the cybercriminals behind NoEscape “have constructed their malware and its associated infrastructure entirely from scratch.” Offering Ransomware-as-a-Service, they

Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing data from those organizations. The vulnerability is CVE-2023-0669, which allows attackers to execute remote code execution.

The manufacturer of GoAnywhere MFT notified