Kwampirs malware - FBI issues warning to US private sector
February 2020 by Dave Weinstein, CSO at Claroty
The FBI has sent a security alert to the US private sector highlighting a hacking campaign targeting supply chain software providers. Hackers are attempting to infect companies with the Kwampirs malware, which has also been deployed in attacks against companies in the healthcare, energy, and financial sectors and has now evolved to target companies in the ICS sector, especially the energy sector.
Dave Weinstein, CSO at Claroty, comments: “The similarities between Kwampirs and Shamoon are particularly concerning, given that the latter is linked to APT33 which has recently set its sights on ICS targets. The targeting of the software supply chain vendors is consistent with APT33’s modus operandi of compromising individuals with one or two degrees of separation from the ultimate target. Owners and operators of critical infrastructure, especially in the oil and gas sector, should be vigilant of their communications with these third parties. As a best practice, all remote access connections should be monitored to prevent an account compromise that might expose an operational technology (OT) network.”