October 19, 2021

Local media reports have attributed the latest ransomware attack, which targeted the systems of nine health institutes in the country, to a Chinese group of actors who use the ransomware strain “DeepBlueMagic.”

Responding to the attack earlier this week, Reuven Eliyahu, the head of cybersecurity at the Health Ministry, confirmed that it was carried out by Chinese hackers and said the actors’ motives were “purely financial.”

He said in an interview with Army Radio: “This is probably a Chinese hacker group that broke away from another group and started working in August.” However, a cybersecurity industry source takes a different view, claiming that the affiliation to China is weak and that the attacks in question may have been just port scans or probes to ward off a network.

Before the attack at the weekend, an attack on the Hillel Yaffe Medical Centre on Wednesday, the health sector carried out numerous defensive activities to identify and secure open vulnerabilities, which was a major reason that the attack did not cause any damage to hospitals or medical organizations.

The Israeli National Cyber Directorate also published indicators of compromise (IOCs) where the authority proposes that Isreali organizations carry out various procedures, including checking the IOCs in the CVS file, conducting an active scan of all systems, ensuring that all VPN and email servers are updated to the latest version, updating all servers and performing password resets for all users, intensifying monitoring of unusual events on corporate networks, and finally reporting violations or unusual activities to the Israeli National Cyber Directorate.

For more information, read the original story in Bleeping Computer.