Lorenzo Bicchierai from Motherboard reported disconcerting news: a sophisticated strain of government-made malware was found on a forum on the Dark Web. The tool was designed to target critical infrastructure; it is reconnaissance malware that could be used as the first stage of an attack against an energy grid.
The disconcerting aspect of the story is that this kind of malware is normally not available on the black market; it is the prerogative of well-funded APT groups.
Recently, security experts from the security firm SentinelOne spotted a malware dubbed Furtim that was involved in an attack against a European energy firm. The threat is highly sophisticated and could be used to exfiltrate data from target systems and “to potentially shut down an energy grid.”
Udi Shamir, chief security officer at SentinelOne, told Motherboard that it is very unusual to find such complex malware on a hacking forum: “it was very surprising to see such a sophisticated sample” appear in hacking forums, he explained.
Shamir pointed out that the Furtim malware is the result of a significant effort by state-sponsored hackers involved in cyber
The authors of the Furtim threat designed the malware to evade common antivirus solutions, as well as the virtualized environments and sandboxes used to analyze malicious code.
Unfortunately, critical infrastructure worldwide is still too vulnerable to cyber attacks; the recent NIS directive passed by the EU establishes minimum cyber-security requirements for critical
In the past, malware-based attacks have already targeted critical infrastructure: consider the Stuxnet virus used against the Iranian enrichment program, or the BlackEnergy malware used to target companies in the energy industry. Experts speculated that BlackEnergy was also involved in the Ukrainian outage.
As for who is behind the Furtim malware, Shamir confirmed that it is the work of a government, likely from Eastern Europe. The only certainty is that this group has significant resources and skills.