H-ISAC TLP White Threat Bulletin Eclypsium Researchers Release Technical Details on Malicious Bootkits Oct 22, 2021

In the past several weeks, two separate bootkits have been reported publicly, and . These malicious tools bypass operating system security capabilities by executing first and modifying the kernel as it loads in the boot process. 

Eclypsium researchers have been tracking these bootloaders for an extended period of time, and new indicators of compromise (IOCs) have been released to specifically identify the types of attacks by these bootloaders.

The Health-ISAC Threat Operations Center is releasing these reports, which can be accessed , for FinSpy, and , for ESPecter, to improve the overall security and threat awareness of the Health-ISAC member community

Key Resources

Related Resources

Advisory
AHA and Health-ISAC Joint Threat Bulletin: Indicators of Compromise Related to Recent Health Care Ransomware Attack
Member
Advancing Health Podcast
Leadership Dialogue Series: Cybersecurity and the Fight to Safeguard Health Care
Public
Leadership Rounds
Leadership Dialogue
Public
Special Bulletin
UPDATE: AHA and Health-ISAC Threat Advisory: FBI Advises No Specific Credible Threat Targeting Hospitals
Public
Special Bulletin
AHA and Health-ISAC Bulletin on Threat to Hospitals
Member
AHA Center for Health Innovation Market Scan
Rural Hospitals Move to Enhance Cybersecurity