A Russian hacking group suspected to be behind this week's cyber attack on the NHS, which caused chaos in London hospitals, is shifting its operations to British targets, a leading cyber security analyst has told GB News.

There is a realistic possibility that the Qilin group, which launched the ransomware attack on an NHS partner company, is giving a cut of its profits to Russian entities to maintain its operations, Kailin Johnson of security firm Sibylline said.

The warning comes after Ciaran Martin, the former chief executive of the National Cyber Security Centre, said Qilin was likely the source of the attack which crippled NHS operations at several major London hospitals yesterday.

Access to pathology IT systems was blocked after files were encrypted at Synnovis, a third-party blood transfusion organization working with the NHS.

The attacks targeted a range of hospitals across London.

A doctor at King’s College London Hospital in south London said the situation was “horrendous” and several planned surgeries had been abruptly canceled, with no indication of when they might resume.

Qilin has been an active ransomware group since at least mid-2022 and has targeted large enterprises and high-value targets, mainly focusing on the healthcare and education sectors.

Past victims of Qilin ransomware attacks include Serbia’s sole electricity supplier, Chinese automotive parts giant Yanfeng and court services in Australia.

In March, the group targeted The Big Issue magazine in the UK, believed to be the first and only UK target before the NHS hack.

Johnson warned that the hackers could be giving a cut of their profits to Russian entities.


Ms Johnson, Sibylline's cyber intelligence and geopolitical risk lead, said it was an indication that the group “maintains active operations and increasing disruption risks” in the UK.

“The group has not previously targeted the UK healthcare system, indicating an expansion of targets to European targets on top of their specific targets in Africa and Asia.”

She added: “While the group is of Russian origin, it is unclear whether the group is linked to the Russian government.

“It is unlikely that the group operates under direct orders from the Russian government. However, there is a realistic possibility that Qilin may give some of its profits to Russian entities so that they can maintain their operations amid the country's internet censorship and access laws.”

The Qilin group uses sophisticated tactics in its ransomware operations.

“They have developed a Linux-based version of their ransomware to target VMware ESXi servers, which often run critical virtualization platforms within organizations, resulting in more impactful and disruptive attacks,” Ms Johnson said.

She added: “Qilin also develops its malware in the Rust and Go coding languages, which are more difficult for security detection tools to detect.

“As the group continues to actively target large organizations and their supply chains, firms remain at high security, operational and reputational risks.”
