HPH Sector Warned About 8Base Data Extortion Group
The 8Base hacking group has been active since March 2022 and while the group does not appear to actively target the healthcare sector, its indiscriminate attacks have included multiple healthcare organizations, with recent victims including the cosmetic and reconstructive plastic surgery practice of Eduardo G. Barrosso MD in October, and attacks on Kansas Medical Center, Stockdale Podiatry, Oregon Sports Medicine, Dental One Craigiebur, Redwood Lab Services, and ClearMedi Healthcare. The recent attacks on healthcare and public health (HPH) sector organizations have prompted the Health Sector Cybersecurity Coordination Center (HC3) to publish an analyst note about the group.
First and foremost, 8Base is a data extortion group, although the group has also conducted ransomware attacks using multiple ransomware strains. The primary purpose of the attacks is to steal sensitive data, which the group threatens to publish to extort money from victims. The group stepped up operations in May and June this year and was one of the top three data extortion and ransomware groups in July 2023. The group’s dark web data leak site currently lists more than 225 victims from late May to November 2023.
8Base claims on its data leak site that its members are honest penetration testers who only attack companies that have neglected the importance of employee and customer privacy. Despite having conducted many attacks, relatively little is known about the group, such as whether it operates as a ransomware-as-a-service operation. The rapid scaling up of activity this year has led security researchers to believe that members of the group are experienced, and 8Base may be the new name for a well-established, mature threat group. Similarities between the RansomHouse and Phobos groups have been identified. 8Base is known to have used Phobos ransomware in some of its attacks.
The primary methods the group uses to gain access to victims’ networks are phishing, exploit kits, and drive-by downloads. Its victims span a broad range of sectors and include law firms, accountants, manufacturers, scientific companies, construction firms, and healthcare organizations. While organizations in multiple countries have been attacked, the group appears to mostly focus on attacks in the United States, Brazil, and the United Kingdom.
While not appearing to actively target healthcare organizations, the group does pose a threat to the HPH sector. HC3 has shared MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) associated with the group, Indicators of Compromise (IOCs), and recommended defense measures and mitigations in its analyst note. “8Base may be new to the cyber threat landscape, but in its short existence, it has proven to be a formidable adversary. Any disruption to an organization’s operations can lead to severe consequences, especially to the HPH sector,” wrote HC3 in its analyst note. “Whether it is affiliated to or an off-shoot of other threat actors, 8Base’s focus on data exfiltration instead of file encryption highlights the need to prioritize cyber security best practices, and prevent unauthorized access to an organization’s systems and networks.”


