Hackers were planning to use COVID-19-themed emails to infect Romanian hospitals with ransomware and disrupt operations.
Authors : Catalin Cimpanu & Zero Day
Romanian law enforcement has cracked down today on a hacker group that was preparing to launch ransomware attacks on Romanian hospitals.
Three hackers were arrested and had their homes searched in Romania and a fourth in the Republic of Moldova.
Romanian authorities said the four were members of a hacking group that went online as PentaGuard.
Romania’s Directorate for Investigating Organized Crime and Terrorism (DIICOT) said the group’s members owned malware such as remote access trojans and ransomware, tools to perform website defacements, and tools to exploit SQL injection vulnerabilities to breach web servers and steal data.
DIICOT said it learned that the group was preparing attacks against Romanian hospitals, where they were planning to deploy ransomware.
DIICOT — aided by Romania’s secret service agency (SRI) — said the hackers intended to send emails with COVID-19 lures to hospitals to infect computers, encrypt files, and disrupt hospital activity. Romanian media reported, citing DIICOT sources, that the hackers were preparing the attacks as a form of protest against the country’s COVID-19 quarantine measures.
Suspected group members have now been detained by authorities. Group member names have not been publicly released.
According to threat intelligence provided by cyber-security firm KELA, the PentaGuard group has been around since 2000, when they were involved in mass-defacements of several government and military websites, including the website of Microsoft Romania.
In recent years, the group has avoided the attention that comes with website defacements, but they have remained active on hacking forums, and resurfaced in January 2020 with new defacement attacks.