
Experts found a government malware on the Dark Web


Experts have made a disconcerting discovery on the Dark Web: they have found a sophisticated government malware that could be used to target energy grids.

We have discussed several times the militarization of cyberspace and the risk that a government malware goes out of control. What happens if a powerful hacking tool is leaked online?

Well, Lorenzo Bicchierai from Motherboard reported disconcerting news: a sophisticated strain of government-made malware was found on a forum on the Dark Web.

The tool was designed to target critical infrastructure. It is a reconnaissance malware that could be used in the first stage of an attack against an energy grid system.

The disconcerting aspect of the story is that such kinds of malware are not available on the black market; they are the prerogative of well-funded APT groups.

Recently, security experts from security firm SentinelOne spotted a malware dubbed Furtim that was involved in an attack against a European energy firm. The threat is highly sophisticated and could be used to exfiltrate data from target systems and “to potentially shut down an energy grid.”

Udi Shamir, chief security officer at SentinelOne, told Motherboard that it is very strange to find such complex malware on a hacking forum.

“It was very surprising to see such a sophisticated sample” appear in hacking forums, he explained to Motherboard.

Shamir pointed out that the Furtim malware is the result of a significant effort of state sponsored hackers involved in cyber espionage operations.

The authors of the Furtim threat designed the malware to avoid common antivirus solutions, as well as the virtualized environments and sandboxes used to analyze malicious code.

Unfortunately, critical infrastructure worldwide is still too vulnerable to cyber attacks. The recent NIS directive passed by the EU establishes minimum cyber-security requirements for critical infrastructure operators.

In the past, malware-based attacks have already targeted critical infrastructure; think of the Stuxnet virus used against the Iranian enrichment program, or the BlackEnergy malware used to target companies in the energy industry. Experts speculated that BlackEnergy was also involved in the Ukrainian outage.

Who is behind the Furtim malware? Shamir confirmed that it is the work of a government, likely from Eastern Europe. The only certainty is that this group has significant resources and skills.


Pierluigi Paganini

(Security Affairs – government malware, Furtim)