FBI Alert P-000111-MW TLP White: Kwampirs Malware Indicators of Compromise Employed in Ongoing

FBI Flash Alert CP-000111-MW TLP White:

Kwampirs Malware Indicators of Compromise Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries

March 25, 2020

This is a re-release of FBI FLASH message (CP-000111-MW) previously disseminated on 06 January 2020. Since at least 2016, an ongoing campaign using the Kwampirs Remote Access Trojan (RAT) targeted several global industries, including the software supply chain, healthcare, energy, and financial sectors. The FBI assesses software supply chain companies are a key interest and target of the Kwampirs campaign. This campaign is a two-phased approach. The first phase establishes a broad and persistent presence on the targeted network, to include delivery and execution of secondary malware payload(s). The second phase includes the delivery of additional Kwampirs components or malicious payload(s) to further exploit the infected victim host(s).

Related Resources

Guides/Reports
Working from Home during COVID-19 Pandemic During the COVID-19 pandemic, many physicians are working from home, using their personal computers and mobile…
Guides/Reports
Public
Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR 04/03/2020 04:45 PM EDT Original release date: April 3, 2020 Mozilla has released security…
Special Bulletin
Public
A recent campaign of cyberattacks from a foreign threat actor targeted healthcare organizations and specifically exploited Citrix and Zoho technologies used…
Advisory
Public
The Centers for Medicare & Medicaid Services will prioritize and conduct only certain surveys during the COVID-19 national emergency’s three-week…
Action Alert
Public
Leaders from the Senate, House and Administration continue to negotiate a third spending package related to the novel coronavirus (COVID-19). Senate Majority…
Guides/Reports
Public
A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for…