BleepingComputer reports that the Vanilla Tempest threat operation, also known as Vice Society and DEV-0832, has deployed the INC ransomware payload in attacks against healthcare organizations across the U.S.
Vanilla Tempest, which was previously associated with the Rhysida ransomware group, leveraged initial network access secured from Storm-0494's Gootloader malware attacks to distribute the Supper malware, the AnyDesk remote monitoring tool and the MEGA data synchronization tool before proceeding with lateral movement and the eventual execution of INC ransomware, according to the Microsoft Threat Intelligence team. Additional details regarding the organization affected by the intrusion were not provided, but Michigan-based non-profit healthcare system McLaren Health Care was reported to have had its operations disrupted by an INC ransomware attack last month. The development comes months after the source code for the INC Ransom ransomware-as-a-service operation's Windows and Linux/VMware ESXi encryptors was purportedly sold by threat actor "salfetka" on hacking forums.