FBI Warns of Ongoing Kwampirs Attacks Targeting Global Industries
2020-03-31 15:21

A malicious campaign is targeting organizations from a broad range of industries with a piece of malware known as Kwampirs, the Federal Bureau of Investigation warns.

Initially detailed in 2018, the malware is a custom backdoor associated with a threat actor tracked as Orangeworm. The group has been active since at least 2015, mainly targeting organizations in the healthcare sector, but also launching attacks on industries somewhat related to healthcare, including IT, manufacturing, and logistics.

Attacks involving the Kwampirs Remote Access Trojan, the FBI says, have been ongoing since 2016, targeting healthcare, software supply chain, energy, and engineering organizations in the United States, Europe, Asia, and the Middle East.

"The FBI assesses Kwampirs actors gained access to a large number of global hospitals through vendor software supply chain and hardware products. Infected software supply chain vendors included products used to manage industrial control system assets in hospitals," the agency says.

"Kwampirs campaign actors have targeted companies in the imaging industry, to include networked scanner and copier-type devices, with domain access to customer networks. The FBI assesses these imaging vendors are targeted to gain access to customer networks, including remote or cloud management access, which could permit lateral CNE movement within victim networks," the FBI says.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/BLxA8kGqh1A/fbi-warns-ongoing-kwampirs-attacks-targeting-global-industries