<p>Earlier this year, the second-largest health insurance provider in the US publicly disclosed that it had been the victim of a major cyberattack. The attack against Anthem resulted in the largest known healthcare data breach to date, with 80 million patient records exposed.<br><br>Symantec believes that the attackers behind the Anthem breach are part of a highly resourceful cyberespionage group called Black Vine. The Anthem attack is only one of multiple campaigns that Symantec has attributed to this group.<br><br>Symantec’s latest whitepaper documents multiple Black Vine operations that have been occurring since 2012. Black Vine’s targets include gas turbine manufacturers, large aerospace and aviation companies, healthcare providers, and more. The group has access to zero-day exploits, most likely obtained through the Elderwood framework, and uses custom-developed backdoor malware.<br><br>By connecting multiple Black Vine campaigns, we traced how the attack group has evolved over the last three years.<br><br>Black Vine compromised legitimate websites that were of interest to its targets in order to serve exploits to the sites’ visitors. If the zero-day exploits succeeded against vulnerable software on the victim’s computer, they dropped Black Vine’s custom malware, providing the attackers with remote access to the computer. In addition to these watering-hole attacks, Black Vine also sent spear-phishing emails that disguised its threats using technology-themed lures.<br><br>Black Vine has compromised companies in the following industries: aerospace, healthcare, energy (gas &amp; electric turbine manufacturing), military and defense, finance, agriculture, and technology.<br><br>Black Vine’s targets are spread across several regions, based on the IP address locations of the compromised computers. The vast majority of infections affected companies in the US, followed by China, Canada, Italy, Denmark, and India.<br><br><em>(BW Online Bureau)</em></p>