An previously unknown attack group, dubbed Orangeworm by Symantec threat researchers, is installing the Kwampirs backdoor and is targeting the healthcare sector in the US, Europe and Asia. The backdoor is then used to install a remote access program, giving the attackers access to compromised machines.