Kwampirs Malware – FBI Issues Warning To US Private Sector

The FBI has sent a security alert to the US private sector highlighting a hacking campaign targeting supply chain software providers. Hackers are attempting to infect companies with the Kwampirs malware which has also been deployed in attacks against companies in the healthcare, energy, and financial sectors, and has now evolved to target companies in the ICS sector, and especially the energy sector.


EXPERTS COMMENTS
Matt Walmsley, EMEA Director,  Vectra
February 12, 2020
The FBI’s report that threat actors are using digital supply chain infections as a distribution.
Remote Access Trojans (RATs) are an insidious set of attacker tools that invade our systems, data and privacy. With so much legitimate remote access happening across our networks and hosts, there’s plenty of opportunities for RATs to operate undiscovered as they hide in plain sight. The FBI’s report that threat actors are using digital supply chain infections as a distribution means for Kwampi ....
[Read More >>]
Elad Shapira, Head of Research,  Panorays
February 12, 2020
Kwampirs is a backdoor Trojan that provides attackers with remote access to a compromised computer.
It’s concerning, but not altogether surprising, that according to the FBI, the Kwampirs malware is being used against supply chain software companies. Kwampirs is a backdoor Trojan that provides attackers with remote access to a compromised computer. Once inside a victim’s network, the malware propagates aggressively, such as by copying itself over network shares. In the past, Kwampirs was use ....
[Read More >>]
Jeremy Hendy, CEO,  Skurio
February 11, 2020
One of the most effective is to add specially tagged synthetic identities to confidential datasets.
Data breaches frequently happen because there’s a security failure at a supply chain partner. It’s not unusual for the breach to occur some way down the chain - maybe three or four levels removed from your own organisation. In truth the more partner connections you have the greater your digital risk profile, exposing you to threats beyond the network perimeter that you are powerless to control ....
[Read More >>]
Dave Weinstein, CSO,  Claroty
February 11, 2020
The similarities between Kwampirs and Shamoon is particularly concerning, given that the latter is linked to APT33.
The similarities between Kwampirs and Shamoon is particularly concerning, given that the latter is linked to APT33 which has recently set its sights on ICS targets. The targeting of the software supply chain vendors is consistent with APT33's modus operandi of compromising individuals with one or two degrees of separation from the ultimate target. Owners and operators of critical infrastructure, e ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article