Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors
Briefly

Orange Cyberdefense's CERT reported that the Green Nailao campaign leveraged the ShadowPad and PlugX backdoors throughout the latter half of 2024, impacting various sectors globally and notably Europe's healthcare sector. The campaign's TTPs aligned with typical Chinese intrusion methods, but it has not been attributed to a known threat group. Notably, two of the incidents involved a previously undocumented ransomware, dubbed NailaoLocker, indicating an evolution in the actor's tactics. Previous reports from HackersEye's DFIR team outline similar TTPs, underlining the growing exposure of organizations across industries to this threat actor.
The Green Nailao campaign used ShadowPad and PlugX to target multiple sectors globally, with notable impact on European organizations in the healthcare sector.
In two incidents, the attackers deployed NailaoLocker, a previously undocumented ransomware, indicating the evolving nature of the threat.
Read at Databreaches