Summary

  • A new Remote Access Trojan (RAT), called ResolverRAT, has been found to be targeting the healthcare and pharmaceutical industries.
  • The RAT was discovered in March 2025 and is notable for its use of advanced phishing campaigns, DLL side-loading, AES-256 encryption, reflective DLL loading and a bespoke certificate validation system.
  • This makes ResolverRAT particularly stealthy, as it is able to infiltrate systems, maintain persistence and steal sensitive data whilst avoiding detection.
  • At the time of discovery, the campaign was found to be targeting healthcare and pharmaceutical organisations globally with localised phishing emails, using a multi-stage infection chain.
  • This highlights the continuing attractiveness of the healthcare industry to cyber attackers, due to both the sensitivity of the data it holds and the importance of the systems used to hold this data.

By Ismail Tasdelen
