Menu
Browse

Cyber Threat Actor: Osiris banking Trojan

Actor Type Location Known Incidents
 Icon
Criminal
Russia
0 incidents
Profile

The threat actor responsible for the Maze ransomware attack is a criminal operation with origins in Russia, as indicated by the reported attack vector. This incident involved the encryption and exfiltration of data from Benefit Recovery Specialists Inc. (BRSI), a Houston-based subcontractor responsible for billing and collections related to Texas Medicaid. The breach, which occurred in early 2020, exposed the personal information of 274,837 individuals, including low-income Medicaid patients. The actor's primary objective is financial, leveraging ransomware to disrupt operations and extort payment while stealing data for additional pressure. The malware employed in this attack is Maze, a ransomware family known for its use in prior campaigns, though specific technical details of the intrusion are not provided in the report.

Targeting in this case centered on the healthcare sector, specifically a service provider handling Medicaid-related financial and health data, which aligns with ransomware actors' focus on organizations with critical operations and sensitive information. The Russian provenance of the attack is noted, but no state sponsorship or formal affiliation is attributed in the available information. This operation is significant due to the scale of the breach and its impact on a vulnerable population, as well as the subcontractor's delayed and incomplete disclosure to state authorities. The incident underscores the threat posed by ransomware groups to healthcare infrastructure and the challenges in incident reporting and transparency. The Maze ransomware has been implicated in numerous attacks globally, but this profile is limited to the details surrounding the Texas Medicaid breach as described in the source material.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
1 source