A suspected Chinese cyberespionage operation tracked as Green Nailao launched intrusions against European healthcare organizations during the last six months of 2024 that deployed the novel NailaoLocker ransomware payload, according to The Record, a news site owned by cybersecurity firm Recorded Future.
A report from Orange Cyberdefense found that, after initially compromising Check Point Security Gateways by exploiting the CVE-2024-24919 vulnerability, Green Nailao delivered a stealthier variant of the ShadowPad malware and the PlugX backdoor — both of which are linked to Chinese groups — to facilitate the execution of NailaoLocker.
Given NailaoLocker's lack of sophistication, researchers said Green Nailao may have conducted the campaign only as a diversion from the theft of sensitive information from targeted systems.
"While such campaigns can sometimes be conducted opportunistically, they often allow threat groups to gain access to information systems that can be used later to conduct other offensive operations," said the report.