The EVILNUGGET case: The potential for cyberespionage

Healthcare data, and specifically medical research data, is increasingly targeted by Chinese advanced persistent threat (APT) groups (IANS, 2019). In August 2019, FireEye, a US-based cybersecurity firm, reported a data breach of an India-based healthcare website (IANS, 2019). Reportedly, 6,800,000 (68 lakh) records were stolen. The breach was discovered after FireEye noticed an increase in sales of healthcare data on underground markets, including data from a leading Indian healthcare organisation.

In April 2019, a US health centre was targeted through a tailored phishing campaign carrying EVILNUGGET malware. One of the so-called lure documents referenced a conference hosted by the targeted organisation. The hackers were reportedly interested in data resulting from cancer research undertaken by the health centre (FireEye, 2019; Osborne, 2019).

Cancer is currently the leading cause of death in China. Obtaining medical research data may help speed up the development of new medication. The sooner new medication is found, the sooner healthcare costs may fall. It also gives an additional advantage in the pharmaceutical market if domestic companies are quicker to market than their Western competitors (IANS, 2019; Osborne, 2019).

This case shows that the interest in healthcare data should not be underestimated. Attacks may come from a variety of actors who use a mix of tactics. Healthcare organisations and their data are targeted for financial gain, to advance medical research, and/or to create market opportunities. Healthcare organisations should remain vigilant for phishing attempts. This becomes more challenging if hackers tailor their campaign to a specific organisation. Training staff members to recognise phishing remains an important topic. Sending fake phishing emails to staff members could be a helpful tool for organisations to highlight specific challenges for their staff.


FireEye. (2019). Beyond Compliance: Cyber threats and healthcare. Retrieved from

IANS. (2019, August 22). Hackers attack Indian healthcare website, steal 68 lakh records. Retrieved 30 September 2019, from Gulf News website:

Osborne, C. (2019, August 21). Cancer research organizations are now the focus of Chinese hacking groups. Retrieved 30 September 2019, from ZDNet website: