Federal authorities are warning the healthcare sector of hackers who are most likely Chinese state threat actors.
Godzilla webshell is a Chinese-language backdoor used by cybercriminals to execute commands and manipulate files as part of larger cyberattacks, according to the Nov. 12 analyst note from HHS' Office of Information Security and the Health Sector Cybersecurity Coordination Center. The cyber weapon has been attributed to Chinese state threat actors with "relatively high confidence."
"The interest in healthcare data globally continues not only for espionage purposes against targets — building an inventory of hardships/weak points as well as seeking out healthcare data to better serve their local industries," cybersecurity expert Dave Klein said in a Nov. 6 Threatpost story.
HHS recommended healthcare organizations review a Cybersecurity and Infrastructure Security Agency report on mitigating Godzilla risks, and webshell defense tips from the National Security Agency, Group-IB and Imperva.