Cyber Threat Actor: Enzo Biochem
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
1 incident |
|---|
Profile
The threat actor known publicly asEnzo Biochem operates under that alias and is based in the United States of America. Little is publicly disclosed about the actor's internal structure or origins beyond the name used in reported incidents. The alias appears in connection with a ransomware event that affected a healthcare provider in 2023. No alternative names or affiliations have been identified in open sources.
The only confirmed activity attributed to Enzo Biochem is the May 26, 2023 incident targeting Medford Radiology Group, a radiology practice located in the United States. The attack disrupted the provider's ability to access medical images and affected internal IT systems while leaving external partners unaffected. The sector involved is healthcare, specifically diagnostic imaging services. The geographic focus of the observed activity is domestic to the United States. No further targeting of other industries or regions has been publicly reported for this actor.
The method used in the Medford Radiology Group incident was characterized as a ransomware deployment that encrypted files and prevented access to critical systems. Initial access vectors, specific malware families, or post‑exploitation tools employed by the actor have not been disclosed in the available reporting. The impact included operational disruption and the potential exposure of patient data, prompting an ongoing investigation with third‑party experts. The actor's tooling style, as observed, aligns with typical ransomware operations aimed at denying access to data until a demand is met.
Public sources do not establish any state sponsorship, criminal consortium affiliation, or broader campaign linkage for Enzo Biochem. The Medford Radiology Group event stands as the sole publicly reported operation associated with the alias at this time. No additional campaigns, tools, or infrastructure have been attributed to the actor in open‑source reporting. Consequently, the actor's profile remains limited to the single confirmed incident described above.