Lorenzo Bicchierai from Motherboard reported disconcerting news: a sophisticated strain of government-made malware was found on a forum on the Dark Web. The tool was designed to target critical infrastructure; it is reconnaissance malware that could be used in the first stage of an attack against an energy grid system.
The disconcerting aspect of the story is that this kind of malware is normally not available on the black market; it is the prerogative of well-funded APT groups.
Recently, security experts from the security firm SentinelOne spotted a malware strain dubbed Furtim that was involved in an attack against a European energy firm. The threat is highly sophisticated and could be used to exfiltrate data from target systems and “to potentially shut down an energy grid.”
Udi Shamir, chief security officer at SentinelOne, told Motherboard that it is very strange to find such complex malware on a hacking forum: “it was very surprising to see such a sophisticated sample” appear there, he explained.
Shamir pointed out that the Furtim malware is the result of a significant effort by state-sponsored hackers involved in cyber
The authors of the Furtim threat designed the malware to evade common antivirus solutions, as well as the virtualized environments and sandboxes used to analyze malicious code.
Unfortunately, critical infrastructure worldwide is still too vulnerable to cyber attacks; the recent NIS directive passed by the EU establishes minimum requirements for cyber-security on critical
In the past, malware-based attacks have already targeted critical infrastructure: think of the Stuxnet virus used against the Iranian enrichment program, or the BlackEnergy malware used to target companies in the energy industry. Experts speculated that BlackEnergy was also involved in the Ukrainian outage.
Who is behind the Furtim malware? Shamir confirmed that it is the work of a government, likely from Eastern Europe. The only certainty is that this group has significant resources and skills.
Friday, 15 July 2016
Thursday, 14 July 2016
A Chinese businessman has been sentenced to nearly four years in prison for conspiring to hack the computer systems of Boeing and other US defense contractors to steal military technical data.
Su Bin, a Chinese national and the owner of a Chinese aviation technology company, was sentenced Wednesday in US District Court in Los Angeles to 46 months in prison. Bin, 51, had faced up to 30 years in prison before pleading guilty in March to a federal charge of conspiracy to unlawfully access computers in the United States. The sentence comes amid heightened tensions between the two nations over computer espionage.
Su worked with two unidentified hackers in China between 2008 and 2014, instructing them on what data to target and transmit to state-owned Chinese companies. The trio stole 65 gigabytes of sensitive information related to fighter jets such as the F-22 and the F-35, as well as Boeing's C-17 military cargo aircraft program, the Justice Department said.
"Su Bin's sentence is a just punishment for his admitted role in a conspiracy with hackers from the People's Liberation Army Air Force to illegally access and steal sensitive U.S. military information," Assistant Attorney General Carlin said in a statement. "Su assisted the Chinese military hackers in their efforts to illegally access and steal designs for cutting-edge military aircraft that are indispensable to our national defense."