FBI TLP Alert
Since at least 2016, the FBI has observed an Advanced Persistent Threat (APT) actor conduct a global network exploitation campaign using the Kwampirs Remote Access Trojan (RAT) and is providing additional, non-technical information in an effort to highlight key objectives of the actor campaign.
This is a re-release of FBI FLASH message (CP-000118-MW) previously disseminated on 05 February 2020. The FBI has identified additional information regarding the Kwampirs Remote Access Trojan (RAT), which has targeted several global industries, including the software supply chain, healthcare,…
This is a re-release of FBI FLASH message (CP-000111-MW) previously disseminated on 06 January 2020. Since at least 2016, an ongoing campaign using the Kwampirs Remote Access Trojan (RAT) targeted several global industries, including the software supply chain, healthcare, energy, and financial…
Since August 2019, unidentified cyber actors have used a Pulse Secure VPN Vulnerability CVE-2019-11510, which was disclosed this past summer, to exploit notable US entities. In August 2019, cyber actors gained unauthorized access to a US financial entity’s research network using CVE-2019-11510. In…
Since June 2019, unidentified cyber actors have used a SharePoint vulnerability, CVE-2019-0604, to exploit notable US entities. Following a widespread scanning for CVE-2019-0604 in May, June, and October 2019, respectively, cyber actors compromised the network of two…
On 06 January 2020, the FBI disseminated the FLASH message “Kwampirs Malware Indicators of Compromise Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries” (CP-000111-MW). FLASH message CP-000111-MW provided indicators of compromise for the two identified modules of the…
Beginning mid-January 2020, unidentified cyber actors have used a Citrix vulnerability, CVE-2019-19781, in an attempt to exploit hundreds of U.S. networks, to include private companies, educational institutions, healthcare-related infrastructure, and local and federal…
Following last week’s US airstrikes against Iranian military leadership, the FBI observed increased reporting of website defacement activity disseminating Pro-Iranian messages. The FBI believes several of the website defacements were the result of cyber actors exploiting known vulnerabilities in…
FBI Flash: Kwampirs Malware Indicators of Compromise Employed in Ongoing Cyber Supply Chain Campaign
Since at least 2016, an ongoing campaign using the Kwampirs Remote Access Trojan (RAT) targeted several global industries, including the software supply chain, healthcare, energy, and financial sectors. The FBI assesses software supply chain companies are a key interest and target…