Experts found a government malware on the Dark Web

Experts have made a disconcerting discovery on the Dark Web, they have found a sophisticated government malware that could be used to target Energy Grids.

We have discussed several times about the militarization of the cyberspace and the risks that a government malware goes out of control, what about is a powerful hacking tool is leaked online?

Well, Lorenzo Bicchierai from Motherboard reported a disconcerting news, a sophisticated strain of government-made malware was found on a forum on the Dark Web.

The tool was designed to target critical infrastructure, it is a reconnaissance malware that could be used in a first stage to attack against an energy grid system.

The disconcerting aspect of the story is that the such kind of malware are not available in the black market, they are a prerogative of well-founded ATP groups.

Recently security experts from security firm SentinelOne have spotted a malware dubbed Furtim that was involved in an attack against one European energy firm. The threat is highly sophisticated that could be used to exfiltrate data from target systems and “to potentially shut down an energy grid.”

Udi Shamir, chief security officer at SentinelOne told to MotherBoard that is very strange to find a so complex malware on a hacking forum.

“it was very surprising to see such a sophisticated sample” appear in hacking forums, he explained to Motherboard.

Shamir pointed out that the Furtim malware is the result of a significant effort of state sponsored hackers involved in cyber espionage operations.

The authors of the Furtim threat designed the malware to avoid common antivirus solutions, as well as a virtualized environment and sandboxes used to analyze malicious codes.

Unfortunately critical infrastructure worldwide are still too vulnerable to cyber attack, the recent NIS directive passed by the EU establishes minimum requirements for cyber-security on critical infrastructure operators.

In the past malware-based attacks already targeted critical infrastructure, let’s think of the Stuxnet virus used against the Iranian enrichment program or the BlackEnergy malware used to target company in the energy industry. Experts speculated that the BlackEnergy was also involved in the Ukrainian outage.

Who it behind the Furtim malware, Shamir confirmed that is the work of a government, likely from Eastern Europe. The unique certainly it that this group has significant resources and skills.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – government malware, Furtim)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.