With the US taking a hard hit from the Coronavirus, the FBI is warning several hospitals and supply chain firms to be aware of potential malware attacks. Attackers look not just for vulnerable people but for vulnerable situations too, and what could be better for them than everyone running for their lives? This emergency can be cashed in on if planned properly, so the FBI has passed a PIN to all institutions that may be targeted with Kwampirs malware.

FBI Warns Hospitals About Potential Malware Attacks Amidst COVID-19

The FBI is warning institutions about potential malware attacks such as Kwampirs, as this could be the right time for attackers to prey on them. Institutions in healthcare, supply chain, energy, and engineering could be targeted, as they remain crucial for aiding facilities for Coronavirus patients. Breaching them could garner lucrative sums. The FBI assumes the Kwampirs malware to be the work of a state-backed hacker group, an APT (Advanced Persistent Threat), that is good at cashing in on adverse situations like the current one.

A New and Old Notice

The FBI issued a fresh PIN (Private Industry Notification) alert on Monday, along with two flash alerts re-released from January and February notifications. These flash alerts include YARA rules to detect Kwampirs malware in a compromised network, and IOCs with technical reports about Kwampirs malware. The IT departments of every company should study them to be aware.

Kwampirs malware is a RAT (Remote Access Trojan) and has been active since 2016. Its exclusive targets are the healthcare, software supply chain and energy industries. Further, its operators may also attack engineering, banking, and others. They would be attacking enterprise software used by institutions, and the malware can spread throughout the network via Server Message Block (SMB). This would give them a chance to demand hefty ransoms.

The FBI didn’t exactly mention the nation these attackers are associated with, but code snippets from Kwampirs resemble those of Disttrack, which is a part of Shamoon, hailing from Iranian groups. After all, this emergency situation is vulnerable enough to be cashed in on by anyone, so stay aware by following FBI protocols.

Via: ZDNet

Source: FBI
