FBI warns that hackers are targeting software supply chain providers
Kwampirs malware resurfaces in attacks against software supply chain companies
The FBI has warned US private sector companies about an ongoing hacking campaign targeting supply chain software providers in a recent security alert.
According to the FBI, hackers are currently attempting to infect organizations with a remote access trojan (RAT) known as the Kwampirs malware. In a private industry notification sent to businesses last week, the law enforcement agency warned that software supply chain companies are being targeted as a way to reach their partners and customers, saying:
"Software supply chain companies are believed to be targeted in order to gain access to the victim's strategic partners and/or customers, including entities supporting Industrial Control Systems (ICS) for global energy generation, transmission, and distribution."
- Top software download site came with a backdoor for hackers
- Attacking the supply chain - should your business be worried?
- Banks being targeted with major malware campaign
In addition to being used to attack supply chain software providers, the FBI also said that this same malware has also been deployed to attack companies in the healthcare, energy and financial sectors.
Kwampirs malware
While the security alert sent out by the FBI did not identify any of the supply chain software providers that are currently being targeted, the agency did share IOCs (indicators of compromise) along with YARA rules to help organizations scan their internal networks for any signs of the Kwampirs RAT.
The Kwampirs malware was first detailed by the cybersecurity firm Symantec back in 2018 and at that time, the firm said a group called Orangeworm had used the malware to target supply chain companies that produced software for the healthcare sector.
The FBI's alert warns that attacks which employ Kwampirs have now evolved to target companies in the ICS (Industrial Control Systems) sector. The agency also claims that new evidence from analyzing the malware's code suggests that it contains “numerous similarities” with the data-wiping Shamoon malware which was developed by APT33.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The FBI recommends that organizations scan their networks for any signs of the Kwampirs malware and that they report any infections they find.
- Keep your devices protected with the best antivirus software
Via ZDNet
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.