FBI Alert CP 000118-MW TLP White: YARA Rules to Identify Kwampirs Malware Employed in Ongoing

FBI Alert CP 000118-MW TLP White:

YARA Rules to Identify Kwampirs Malware Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries

March 25, 2020

This is a re-release of FBI FLASH message (CP-000118-MW) previously disseminated on 05 February 2020.

The FBI has identified additional information regarding the Kwampirs Remote Access Trojan (RAT), which has targeted several global industries, including the software supply chain, healthcare, energy, and financial sectors. Software supply chain companies are believed to be targeted in order to gain access to the victim’s strategic partners and/or customers, including entities that support Industrial Control Systems (ICS) for global energy generation, transmission, and distribution. The Kwampirs RAT has been observed by the FBI supporting targeted computer intrusions on these sectors, including supporting additional module execution on the targeted victim network, believed to enable follow-on computer network exploitation operations.

Related Resources

Guides/Reports
Working from Home during COVID-19 Pandemic During the COVID-19 pandemic, many physicians are working from home, using their personal computers and mobile…
Guides/Reports
Public
Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR 04/03/2020 04:45 PM EDT Original release date: April 3, 2020 Mozilla has released security…
Special Bulletin
Public
A recent campaign of cyberattacks from a foreign threat actor targeted healthcare organizations and specifically exploited Citrix and Zoho technologies used…
Advisory
Public
The Centers for Medicare & Medicaid Services will prioritize and conduct only certain surveys during the COVID-19 national emergency’s three-week…
Action Alert
Public
Leaders from the Senate, House and Administration continue to negotiate a third spending package related to the novel coronavirus (COVID-19). Senate Majority…
Guides/Reports
Public
A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for…