"Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks"

According to the US Department of Health, threat actors are targeting IT help desk employees at healthcare and public health (HPH) organizations to gain access to corporate networks and divert payments. In one such attack, a threat actor called an IT help desk employee from a local area code, posed as an employee in a financial role, and convinced the help desk employee to enroll a new device in multi-factor authentication (MFA). The attackers provided the help desk employee with sensitive information, including the Social Security number of the employee they were impersonating, likely obtained from publicly available information or data breaches. They claimed that their phone was broken and could not receive MFA tokens, and requested the enrollment of a new device. The department noted that after gaining access to the target network, the threat actor looked for login information related to payer websites and submitted a form to make ACH changes to payer accounts. Once they had gained access to employee email accounts, the attackers sent instructions to payment processors to divert legitimate payments to attacker-controlled US bank accounts. The funds were then transferred to overseas accounts.

 

SecurityWeek reports: "Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks"

Submitted by Adam Ekwall on