June 24, 2024
TLP:CLEAR
SUMMARY
The Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used in a social engineering campaign targeting healthcare, public health entities, and providers. Threat actors are using phishing schemes to steal login credentials for initial access and to divert automated clearinghouse (ACH) payments to US-controlled bank accounts. Healthcare organizations are attractive targets for threat actors due to their size, technological dependence, access to personal health information, and unique impacts from patient care disruptions. The FBI and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of social engineering incidents.
TECHNICAL DETAILS
Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 14.1. See the MITRE ATT&CK® Tactics and Techniques section for a table of the threat actors’ activity mapped to MITRE ATT&CK® tactics and techniques with corresponding mitigation and/or detection recommendations. For assistance with mapping malicious cyber activity to the MITRE ATT&CK® framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK® Mapping and CISA’s Decider Tool.
Access the full advisory at IC3 or read it below.