Published: March 16, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Another warning was sent out from the FBI regarding malware that is targeting software supply chain companies. The Kwampirs malware is a remote access trojan (RAT), meaning it tries to gain access from afar and allows the attackers to take complete control of the device. A RAT is often attached to legitimate programs, such as games or other small programs, or arrives in attachments. RATs can hang out in “stealth” mode for some time before taking any action, which is how they can be so dangerous.
According to a notification to targeted companies, the FBI wrote, “Software supply chain companies are believed to be targeted in order to gain access to the victim’s strategic partners and/or customers, including entities supporting Industrial Control Systems (ICS) for global energy generation, transmission, and distribution.”
But those are not the only targets. The FBI notification also included a warning about attacks against healthcare, energy, and financial services companies, though no specific companies were named. Symantec has said that a group with the code name Orangeworm used the Kwampirs malware to target supply chain companies that provided software to healthcare companies. Orangeworm has been active since 2015, primarily focusing on healthcare, though secondary targets included manufacturing, information technology, and agriculture, as well as logistics firms.
The FBI further observed that the code of the malware has similarities with Shamoon, data-wiping malware developed by APT33, an Iranian-linked hacking group.
Advice from the FBI is to scan networks for signs of Kwampirs and report infections to the FBI. In addition, be sure to keep perimeter security software properly configured and up to date.