This was reported by Kaspersky Lab at a press conference dedicated to the results of 2025 and forecasts for 2026.
At the end of 2025, Russian medical institutions were subjected to targeted cyberattacks organized by attackers who masqueraded as well-known insurance companies and hospitals. The letters sent on their behalf contained archives with the BrockenDoor backdoor, which allows remote control of an infected computer.
According to experts, the attackers used plausible legends, such as customer complaints about treatment or requests for urgent hospitalization of patients. To increase trust, they registered domains that included the names of real organizations, but with the addition of additional words.
After installation on the victim's computer, BrockenDoor can transmit information about the system to attackers and execute commands for further distribution over the network. According to Kaspersky Lab, the number of such attacks in 2025 increased by 61% compared to 2024.
