Green Nailao delivered a variant of the ShadowPad malware to facilitate the execution of NailaoLocker.
European healthcare organisations were increasingly targeted with the NailaoLocker ransomware in the second half of 2024.
According to researchers from Orange Cyberdefense, after initially compromising Check Point Security Gateways through the exploitation of the CVE-2024-24919 vulnerability, Green Nailao proceeded to deliver a stealthier variant of the ShadowPad malware and the PlugX backdoor to facilitate the execution of NailaoLocker.
The flaw, tracked as CVE-2024-24919, allows attackers to access sensitive data on Check Point’s Security Gateway. The vulnerability likely enabled the hackers to steal user credentials and access virtual private networks (VPNs) using legitimate accounts, according to The Record.
"While such campaigns can sometimes be conducted opportunistically, they often allow threat groups to gain access to information systems that can be used later to conduct other offensive operations," said the report.
Written by Dan Raywood, Senior Editor, SC Media UK