Cyber Resilience

Threat actor · all actors

OrangewormG0071 unknown

aka Orangeworm

Last updated: 2026-07-03

0attributed CVEs
4ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Orangeworm](https://attack.mitre.org/groups/G0071) is a group that has targeted organizations in the healthcare sector in the United States, Europe, and Asia since at least 2015, likely for the purpose of corporate espionage.(Citation: Symantec Orangeworm April 2018) Reverse engineering of [Kwampirs](https://attack.mitre.org/software/S0236), directly associated with [Orangeworm](https://attack.mitre.org/groups/G0071) activity, indicates significant functional and development overlaps with [Shamoon](https://attack.mitre.org/software/S0140).(Citation: Cylera Kwampirs 2022)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
CM-24 / 4100%
CM-64 / 4100%
CM-74 / 4100%
SI-44 / 4100%
AC-43 / 475%
CA-73 / 475%
SC-73 / 475%
AC-172 / 450%
AC-22 / 450%
AC-32 / 450%
AC-52 / 450%
AC-62 / 450%
CM-52 / 450%
IA-22 / 450%
SC-102 / 450%

Co-occurring actors

None.

Similar actors