Cyber security threats in this era have expanded in both scope and seriousness. Managing the resulting risk can cost millions or even billions of dollars when information security isn’t handled properly.
The FBI (Federal Bureau of Investigation), in a recent security alert, has warned US private-sector companies about an ongoing hacking campaign mainly targeting supply chain providers. The attackers use the “Kwampirs RAT” malware to infect the companies’ systems.
The Kwampirs malware was first disclosed by Symantec in April 2018. Kwampirs is a Trojan used to gain unauthorized access to targeted computers. Once it gains access, the Trojan decrypts and extracts a copy of its main DLL payload. It then gathers some basic information about the target system and uses it to determine whether the victim is a high-value target. If so, it copies itself across open network shares to infect additional systems, and it collects sensitive data from the devices and networks it reaches. Symantec has reported that a group named Orangeworm used this malware to target, in particular, supply chain companies that provide software for the healthcare, energy, and finance sectors.
According to the FBI, cybercriminals have recently been attempting to compromise organizations with a remote access Trojan (RAT). The malware is Kwampirs, and the campaign targets companies in the Industrial Control System (ICS) sector. The FBI has noted that the threat actors behind the campaign are trying to infect these companies with the Kwampirs RAT. The alert is similar to the one issued in 2018; the only difference is that the cybercriminals are now targeting companies in the ICS sector.
The FBI, in a private industry notification, said, “Software supply chain companies are believed to be targeted in order to gain access to the victim’s strategic partners and/or customers, including entities supporting Industrial Control Systems (ICS) for global energy generation, transmission, and distribution”.
The FBI also said that new evidence from code analysis suggests this malware shares numerous similarities with the Shamoon malware. Shamoon is a dangerous virus developed by APT33. It is dangerous because of the destructive nature of its attacks and the cost of recovery.
In addition to software supply-chain companies, this malware also targets companies in the healthcare, energy, and finance sectors. While the alert didn’t name any of the victims involved in the attacks, it did provide IOCs (indicators of compromise) and YARA rules. These enable organizations to scan for Kwampirs malware and to mitigate any infection found on the organization’s network.
The FBI further recommends that every organization scan its network for any sign of Kwampirs malware, or better still, consult a cyber security expert.
Note: Always keep your devices protected with the best antivirus software to keep them safe from such cyberattacks.