FBI re-sends alert about supply chain attacks for the third time in three months

kwampirs-3.png

The FBI has issued an alert on Monday about state-sponsored hackers using the Kwampirs malware to attack supply chain companies and other industry sectors as part of a global hacking campaign.

This marks the third alert about this particular group sent this year, in as many months, after the FBI sent alerts on January 6 and February 5.

This time around, the FBI highlighted that some of the group’s targets are organizations in the healthcare industry, currently grappling with the coronavirus (COVID-19) outbreak.

Besides sending out a PIN (Private Industry Notification), the FBI has also published two Flash alerts, one containing YARA rules to identify the group’s Kwampirs malware on infected networks, and the second containing a technical report, complete with IOCs (indicators of compromise).

Both Flash alerts are re-releases of the February and January reports, with additional information.

FBI warns of Kwampirs attacks on healthcare

The FBI named the group behind these attacks as Kwampirs, after the malware they used in their intrusions. They described the group as an Advanced Persistent Threat (APT), a term normally used to describe government-backed hacking groups.

FBI investigators said the group has been active since 2016 when the first attacks with the Kwampirs remote access trojan (RAT) have been observed in the wild.

“Through victimology and forensic analysis, the FBI found heavily targeted industries include healthcare, software supply chain, energy, and engineering across the United States, Europe, Asia, and the Middle East,” the FBI said. “Secondary targeted industries include financial institutions and prominent law firms.”

But above all, the FBI wanted to point out in its report that the group has heavily targeted the healthcare sector in the past.

According to the FBI, “Kwampirs operations against global healthcare entities have been effective.”

The FBI said the group gained “broad and sustained access” to targeted healthcare entities. According to the bureau, hacked targets range from major transnational healthcare companies to local hospital organizations.

Kwampirs gained access to hospitals through the supply chain

“The FBI assesses Kwampirs actors gained access to a large number of global hospitals through vendor software supply chain and hardware products,” the agency said.

“Infected software supply chain vendors included products used to manage industrial control system (ICS) assets in hospitals,” the FBI said.

In some attacks, the hackers accessed a few machines, in others, they compromised entire enterprise networks.

The FBI credited this to the Kwampirs malware’s ability to propagate laterally across networks via the Server Message Block (SMB) protocol or via hidden admin shares.

The FBI points organizations to its two Flash technical alerts for details on detecting the group’s malware.

While FBI officials did not attempt to attribute the group to a specific country, they did point out that the Kwampirs malware contained code similarities with Disttrack, a piece of malware commonly known as Shamoon, and known to have been developed and deployed by hackers associated with the Iranian regime.

However, it is unclear if the FBI sent out yesterday’s alerts because the Kwampirs group has begun increasingly targeting healthcare organizations in recent weeks, or because the group is known to have historically targeted healthcare organizations and the bureau is attempting to put the healthcare sector on alert against future cyber-attacks.

Attacks on the healthcare industry to be expected right now

At the moment, due to the ongoing COVID-19 pandemic and the frantic search for a vaccine, healthcare and medical research organizations are now one of the most sought-after targets of cyber-attacks and cyber-espionage operations.

Last week, Reuters reported that a state-sponsored hacking group attempted to breach the World Health Organization earlier this month.

In the Risky Business Live webcast yesterday, show host and former Wired reporter Patrick Gray said attacks on healthcare and medical research organizations are to be expected due to the current circumstances.

On the same webcast, Crowdstrike co-founder Dmitri Alperovitch described intelligence services who did not engage in intelligence gathering about the current COVID-19 pandemic as “derelict of duty.”

“Right now, you have a disaster on an unimaginable scale affecting nearly every country in the world, and [it] presents an existential threat to the economy,” Alperovitch said. “The one thing that intelligence agencies are supposed to do is to help policymakers figure out how to get up crises like these.”

While the FBI shied away from saying if the Kwampirs group was engaged in intelligence gathering on the coronavirus outbreak, it did recommend that healthcare organizations take precautions to protect themselves.

ReversingLabs published a technical breakdown of the Kwampirs malware last week.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

What Are E-stablecoins And How Do They Operate?
What Are E-Stablecoins And How Do They Operate?
August 11, 2022
How to Choose a Legit Crypto Casino?
August 5, 2022
Spend Crypto
5 Ways to Spend Crypto
August 2, 2022
What Is A DAO LLC?
What Is A DAO LLC?
August 2, 2022
Can Running A Lightning Node Earn You Passive Income?
Can Running A Lightning Node Earn You Passive Income?
July 5, 2022


CryptoCurrencyUSDChange 1hChange 24hChange 7d
? --- 0.00 % 0.00 %

bitcoin
Bitcoin (BTC) $ 21,567.00
ethereum
Ethereum (ETH) $ 1,721.19
tether
Tether (USDT) $ 1.00
usd-coin
USD Coin (USDC) $ 0.999917
bnb
BNB (BNB) $ 287.47
binance-usd
Binance USD (BUSD) $ 1.00
xrp
XRP (XRP) $ 0.341619
cardano
Cardano (ADA) $ 0.474048
solana
Solana (SOL) $ 37.67
dogecoin
Dogecoin (DOGE) $ 0.071211