The tool was designed to target critical infrastructure: it is reconnaissance malware that could be used as the first stage of an attack against an energy grid.
The disconcerting aspect of the story is that this kind of malware is normally not available on the black market; it is the prerogative of well-funded APT groups.
Recently, security experts from the security firm SentinelOne spotted a malware dubbed Furtim that was involved in an attack against a European energy firm. The threat is highly sophisticated and could be used to exfiltrate data from target systems and “to potentially shut down an energy grid.”
Udi Shamir, chief security officer at SentinelOne, told Motherboard that it is very strange to find such a complex malware on a hacking forum.
“it was very surprising to see such a sophisticated sample” appear in hacking forums, he explained to Motherboard.
Shamir pointed out that the Furtim malware is the result of a significant effort of state sponsored hackers involved in cyber espionage operations.
The authors of the Furtim threat designed the malware to evade common antivirus solutions, as well as the virtualized environments and sandboxes used to analyze malicious code.
Unfortunately, critical infrastructure worldwide is still too vulnerable to cyber attacks. The recent NIS directive passed by the EU establishes minimum cyber-security requirements for critical infrastructure operators.
Malware-based attacks have already targeted critical infrastructure in the past; consider the Stuxnet virus used against the Iranian enrichment program, or the BlackEnergy malware used to target companies in the energy industry. Experts speculated that BlackEnergy was also involved in the Ukrainian power outage.
As for who is behind the Furtim malware, Shamir confirmed that it is the work of a government, likely from Eastern Europe. The only certainty is that this group has significant resources and skills.
(Security Affairs – government malware, Furtim)