Security News > 2022 > March > Researchers Find New Evidence Linking Kwampirs Malware to Shamoon APT Hackers
New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they "Are the same group or really close collaborators."
"Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline," Pablo Rincón Crespo of Cylera Labs said.
"If Kwampirs is based on the original Shamoon, and Shamoon 2 and 3 campaign code is based on Kwampirs, [] then the authors of Kwampirs would be potentially the same as the authors of Shamoon, or must have a very strong relationship, as has been seen over the course of many years," Rincón Crespo added.
At least two updated versions of Shamoon have since emerged, Shamoon 2 in 2016 and Shamoon 3 in 2018.
It's a Shamoon dropper but sans the wiper feature, while simultaneously reusing the same loader code as Kwampirs.
In connecting the disparate dots, the investigation has led to the assessment that Kwampirs is likely based on Shamoon 1 and that Shamoon 2 inherited some of its code from Kwampirs, implying that the operators of both the malware are different sub-groups of a larger umbrella groups or that it's the work of a single actor.
News URL
https://thehackernews.com/2022/03/researchers-find-new-evidence-linking.html
Related news
- Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware (source)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites (source)