FBI TLP Alert
Since at least 2016, the FBI has observed an Advanced Persistent Threat (APT) actor conduct a global network exploitation campaign using the Kwampirs Remote Access Trojan (RAT) and is providing additional, non-technical information in an effort to highlight key objectives of the actor campaign.
This is a re-release of FBI FLASH message (CP-000118-MW) previously disseminated on 05 February 2020. The FBI has identified additional information regarding the Kwampirs Remote Access Trojan (RAT), which has targeted several global industries, including the software supply chain, healthcare,…
This is a re-release of FBI FLASH message (CP-000111-MW) previously disseminated on 06 January 2020. Since at least 2016, an ongoing campaign using the Kwampirs Remote Access Trojan (RAT) targeted several global industries, including the software supply chain, healthcare, energy, and financial…
Since August 2019, unidentified cyber actors have used a Pulse Secure VPN Vulnerability CVE-2019-11510, which was disclosed this past summer, to exploit notable US entities. In August 2019, cyber actors gained unauthorized access to a US financial entity’s research network using CVE-2019-11510. In…
Since June 2019, unidentified cyber actors have used a SharePoint vulnerability, CVE-2019-0604, to exploit notable US entities. Following a widespread scanning for CVE-2019-0604 in May, June, and October 2019, respectively, cyber actors compromised the network of two…
On 06 January 2020, the FBI disseminated the FLASH message “Kwampirs Malware Indicators of Compromise Employed in Ongoing Cyber Supply Chain Campaign Targeting Global Industries” (CP-000111-MW). FLASH message CP-000111-MW provided indicators of compromise for the two identified modules of the…
Beginning mid-January 2020, unidentified cyber actors have used a Citrix vulnerability, CVE-2019-19781, in an attempt to exploit hundreds of U.S. networks, to include private companies, educational institutions, healthcare-related infrastructure, and local and federal…
Following last week’s US airstrikes against Iranian military leadership, the FBI observed increased reporting of website defacement activity disseminating Pro-Iranian messages. The FBI believes several of the website defacements were the result of cyber actors exploiting known vulnerabilities in…
FBI Flash: Kwampirs Malware Indicators of Compromise Employed in Ongoing Cyber Supply Chain Campaign
Since at least 2016, an ongoing campaign using the Kwampirs Remote Access Trojan (RAT) targeted several global industries, including the software supply chain, healthcare, energy, and financial sectors. The FBI assesses software supply chain companies are a key interest and target…