October 30, 2023

Malware FBI Warned About In April Still Active

The Record reports that the business-oriented malware campaign that was the subject of an FBI alert in April has generated over 10,000 attacks against at least 200 targets worldwide.

The article quotes cybersecurity provider Kaspersky as saying the threat involves “several types of malware all at once.” It uses crypto miners and keyloggers to attack “government agencies, agricultural organizations, and wholesale and retail trade companies.” So far, according to Kaspersky, there have only been “isolated” incidents in the U.S.

The April 28th FBI alert announced the Bureau's effort to disrupt a global botnet of hundreds of thousands of infected home and office routers and other networked devices under the control of nebulous actors known as the “Sofacy Group” (also known as “apt28,” “sandworm,” “x-agent,” “pawn storm,” “fancy bear” and “sednit”). The FBI called the operation the first step in disrupting a botnet that provides the “Sofacy” actors with an array of capabilities that could be used for a variety of malicious purposes, including “intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

According to Kaspersky, the hackers hope to use their targets’ network resources to mine cryptocurrency, steal data, and set up other malware to allow for further access. Financial gain, not destruction, seems to be the priority, but Kaspersky warns that even if the infection seems insignificant, “if actors were able to inject a miner into your corporate infrastructure, they could do the same with more dangerous software.”

“We were still finding new versions at the time of writing, so the threat to B2B is still live,” Kaspersky said. “Enterprise resources and data remain at risk.”

