For the third time in three months, the FBI sends an alert about supply chain attacks

Written by Connor

March 31, 2020

The FBI has issued an alert about hackers on Monday using the Kwampirs malware to attack business sectors and supply chain businesses.

This marks the awake about this group delivered in as many months, even following alarms were sent by the FBI on February 5 and January 6.

This time around, the FBI emphasized that a few of the team’s goals are associations in the medical business, now grappling with the coronavirus (COVID-19) epidemic.

Apart from sending a PIN (Personal Industry Notification), the FBI has also released two infrared alarms, one comprising YARA principles to spot the group’s Kwampirs malware-infected networks, also the next comprising a specialized report, complete with IOCs (signs of compromise).

Both Flash alarms are re-releases of their January and February reports, together with added info.

The FBI called the group as Kwampirs behind those strikes, following the malware they utilized in their intrusions.

FBI researchers said the group was busy since 2016 when the initial strikes with all the Kwampirs remote access trojan (RAT) have been detected in the wild.

“During victimology and forensic investigation, the FBI discovered intensely targeted industries include health care, software supply chain, electricity, and technology across the USA, Europe, Asia, and the Middle East,” the FBI said. “Secondary targeted businesses include financial institutions and law firms.”

However, most importantly, the FBI needed to point out that the health care industry has been targeted by the team.

According to the FBI, “Kwampirs operations against international health care entities are successful.”

The FBI reported the team gained”wide and continuing access” to targeted at health issues. According to the agency, targets that are hacked vary to hospital associations from healthcare businesses that are transnational.

“The FBI assesses Kwampirs celebrities obtained access to a high number of international hospitals through vendor program supply chain and hardware goods,” the bureau stated.

“Infected applications supply chain sellers included products utilized to handle industrial management system (ICS) resources in hospitals,” the FBI said.

others, a couple of machines were obtained by the hackers, in some cases, they jeopardized enterprise networks.

The FBI imputed this on the Kwampirs malware’s capability to disperse laterally across networks through the Server Message Block (SMB) protocol or through hidden admin shares.

The FBI points associations to both Flash alarms on discovering the group’s malware for information.

While FBI officials didn’t try to feature the band to a particular nation, they did point out the Kwampirs malware comprised code similarities using Disttrack, a bit of malware popularly called Shamoon, also understood to have been created and deployed by hackers connected to the Iranian regime.

But it’s uncertain whether the FBI sent out yesterday’s alarms because the Kwampirs team has started increasingly targeting health care organizations lately, or since the team is understood to have targeted health care organizations and the agency is trying to place the medical industry on alert against potential cyber-attacks.

Right now, the search for a vaccine, health care and medical research associations as well as on account of the pandemic are among the aims of cyber-espionage and cyber-attacks surgeries.

Last week, Reuters reported a hacking team tried to breach the World Health Organization before this month.

“Right now, you have a catastrophe on an unthinkable scale impacting virtually every nation on the planet, and [it] poses an existential danger to the market,” Alperovitch said. “The 1 thing which intelligence agencies have to perform would be to aid policymakers to work out ways to get up emergencies such as these.”

It’d recommend that health care organizations take precautions to safeguard themselves Though the FBI shied away from stating if the Kwampirs team was engaged in intelligence gathering about the outbreak.


Leave a Reply

Related Articles

Coronavirus: Hackers are now launching Heaps of email scams Daily

Coronavirus: Hackers are now launching Heaps of email scams Daily

Hackers and crooks, from amateurs to professionally organized criminals, are employing the COVID-19 coronavirus outbreak as a chance to progress their aims in a time when a lot of their targets find themselves distracted, stressed and working from home....

Faster Load Times and better social media integration

Faster Load Times and better social media integration

In its current form, TheHackLabs is virtually finished, the search engine itself is now fully formed with our technology lookup tool working great! Work on the site has been more to improve the user experience over building out more features, we have closely...

Zeus Sphinx malware resurrects to leverage and abuse COVID-19 fears

Zeus Sphinx malware resurrects to leverage and abuse COVID-19 fears

After years of lying dormant, the Zeus Sphinx malware breed was resurrected to capitalize on the coronavirus pandemic at a new wave of scams. Spam emails claiming to hold the key to book coronavirus cures, texts and phone calls from operators pretending to be banks...