Cybersecurity researchers at SentinelOne have found malware on a dark net hacking forum that can target energy networks. The malicious software is called Furtim and is a “dropper tool”: a platform that infects a computer and then serves as a base from which further attacks are launched. The malware was designed specifically to target European energy companies running Windows.
According to the security firm, Furtim was released in May but still remains an active threat. In their report, published on Tuesday, the researchers also said they believe the malware was created by a government-hired hacker team, likely from Eastern Europe.
Udi Shamir, chief security officer (CSO) at SentinelOne, said that it’s normal to find reused code and malware on forums because “nobody tries to reinvent the wheel again and again and again.” However, in the current case, “it was very surprising to see such a sophisticated sample” appear in hacker forums on the dark web.
“This was not the work of a kid. […] It was cyberespionage at its best,” Shamir added.
Furtim actively tries to avoid the most common antivirus products, as well as sandboxes and virtual machines, in an attempt to evade detection and stay hidden for as long as possible. The goal of the malware is “to remove any antivirus software that is installed on the system and drop its final payload,” according to SentinelOne’s report.
Experts fear that a cyber conflict would begin with a takedown of the energy grid, since the grid is highly vulnerable to cyber attacks. At the end of last year, hackers believed to be working for the Russian government caused a blackout in parts of Ukraine after gaining access to the power system using malware.
The research team did not reveal who was behind the creation of Furtim; however, Shamir says it was most likely a government from Eastern Europe with considerable resources and skills.