{
	"id": "fc12751a-3e6f-4f04-bcf5-eab3cfe8ca4f",
	"created_at": "2026-04-06T00:07:12.356593Z",
	"updated_at": "2026-04-10T03:22:02.869157Z",
	"deleted_at": null,
	"sha1_hash": "72eecc02acc0e8c336862d676a0f2e69859bb2e4",
	"title": "FBI re-sends alert about supply chain attacks for the third time in three months",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 527059,
	"plain_text": "FBI re-sends alert about supply chain attacks for the third time in\r\nthree months\r\nBy Catalin Cimpanu\r\nPublished: 2020-03-31 · Archived: 2026-04-05 22:05:56 UTC\r\nThe FBI has issued an alert on Monday about state-sponsored hackers using the Kwampirs malware to attack\r\nsupply chain companies and other industry sectors as part of a global hacking campaign.\r\nThis marks the third alert about this particular group sent this year, in as many months, after the FBI sent alerts on\r\nJanuary 6 and February 5.\r\nThis time around, the FBI highlighted that some of the group's targets are organizations in the healthcare industry,\r\ncurrently grappling with the coronavirus (COVID-19) outbreak.\r\nBesides sending out a PIN (Private Industry Notification), the FBI has also published two Flash alerts, one\r\ncontaining YARA rules to identify the group's Kwampirs malware on infected networks, and the second\r\ncontaining a technical report, complete with IOCs (indicators of compromise).\r\nBoth Flash alerts are re-releases of the February and January reports, with additional information.\r\nFBI warns of Kwampirs attacks on healthcare\r\nThe FBI named the group behind these attacks as Kwampirs, after the malware they used in their intrusions. They\r\ndescribed the group as an Advanced Persistent Threat (APT), a term normally used to describe government-backed hacking groups.\r\nFBI investigators said the group has been active since 2016 when the first attacks with the Kwampirs remote\r\naccess trojan (RAT) have been observed in the wild.\r\nhttps://www.zdnet.com/article/fbi-re-sends-alert-about-supply-chain-attacks-for-the-third-time-in-three-months/\r\nPage 1 of 3\n\n\"Through victimology and forensic analysis, the FBI found heavily targeted industries include healthcare,\r\nsoftware supply chain, energy, and engineering across the United States, Europe, Asia, and the Middle East,\" the\r\nFBI said. \"Secondary targeted industries include financial institutions and prominent law firms.\"\r\nBut above all, the FBI wanted to point out in its report that the group has heavily targeted the healthcare sector in\r\nthe past.\r\nAccording to the FBI, \"Kwampirs operations against global healthcare entities have been effective.\"\r\nThe FBI said the group gained \"broad and sustained access\" to targeted healthcare entities. According to the\r\nbureau, hacked targets range from major transnational healthcare companies to local hospital organizations.\r\nKwampirs gained access to hospitals through the supply chain\r\n\"The FBI assesses Kwampirs actors gained access to a large number of global hospitals through vendor software\r\nsupply chain and hardware products,\" the agency said.\r\n\"Infected software supply chain vendors included products used to manage industrial control system (ICS) assets\r\nin hospitals,\" the FBI said.\r\nIn some attacks, the hackers accessed a few machines, in others, they compromised entire enterprise networks.\r\nThe FBI credited this to the Kwampirs malware's ability to propagate laterally across networks via the Server\r\nMessage Block (SMB) protocol or via hidden admin shares.\r\nThe FBI points organizations to its two Flash technical alerts for details on detecting the group's malware.\r\nWhile FBI officials did not attempt to attribute the group to a specific country, they did point out that the\r\nKwampirs malware contained code similarities with Disttrack, a piece of malware commonly known as Shamoon,\r\nand known to have been developed and deployed by hackers associated with the Iranian regime.\r\nHowever, it is unclear if the FBI sent out yesterday's alerts because the Kwampirs group has begun increasingly\r\ntargeting healthcare organizations in recent weeks, or because the group is known to have historically targeted\r\nhealthcare organizations and the bureau is attempting to put the healthcare sector on alert against future cyber-attacks.\r\nAttacks on the healthcare industry to be expected right now\r\nAt the moment, due to the ongoing COVID-19 pandemic and the frantic search for a vaccine, healthcare and\r\nmedical research organizations are now one of the most sought-after targets of cyber-attacks and cyber-espionage\r\noperations.\r\nLast week, Reuters reported that a state-sponsored hacking group attempted to breach the World Health\r\nOrganization earlier this month.\r\nIn the Risky Business Live webcast yesterday, show producer and presenter Patrick Gray said attacks on\r\nhealthcare and medical research organizations are to be expected due to the current circumstances.\r\nhttps://www.zdnet.com/article/fbi-re-sends-alert-about-supply-chain-attacks-for-the-third-time-in-three-months/\r\nPage 2 of 3\n\nOn the same webcast, Crowdstrike co-founder Dmitri Alperovitch described intelligence services who did not\r\nengage in intelligence gathering about the current COVID-19 pandemic as \"derelict of duty.\"\r\n\"Right now, you have a disaster on an unimaginable scale affecting nearly every country in the world, and [it]\r\npresents an existential threat to the economy,\" Alperovitch said. \"The one thing that intelligence agencies are\r\nsupposed to do is to help policymakers figure out how to get up crises like these.\"\r\nWhile the FBI shied away from saying if the Kwampirs group was engaged in intelligence gathering on the\r\ncoronavirus outbreak, it did recommend that healthcare organizations take precautions to protect themselves.\r\nReversingLabs published a technical breakdown of the Kwampirs malware last week.\r\nSource: https://www.zdnet.com/article/fbi-re-sends-alert-about-supply-chain-attacks-for-the-third-time-in-three-months/\r\nhttps://www.zdnet.com/article/fbi-re-sends-alert-about-supply-chain-attacks-for-the-third-time-in-three-months/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://www.zdnet.com/article/fbi-re-sends-alert-about-supply-chain-attacks-for-the-third-time-in-three-months/"
	],
	"report_names": [
		"fbi-re-sends-alert-about-supply-chain-attacks-for-the-third-time-in-three-months"
	],
	"threat_actors": [],
	"ts_created_at": 1775434032,
	"ts_updated_at": 1775791322,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/72eecc02acc0e8c336862d676a0f2e69859bb2e4.pdf",
		"text": "https://archive.orkl.eu/72eecc02acc0e8c336862d676a0f2e69859bb2e4.txt",
		"img": "https://archive.orkl.eu/72eecc02acc0e8c336862d676a0f2e69859bb2e4.jpg"
	}
}