Cybersecurity researchers at SentinelOne just found a piece of malware on a dark net hacking forum that can target energy networks. The malicious software is named Furtim, and it is a “dropper tool,” a platform that infects a computer and then serves as a base to launch further attacks. The malware was designed specifically to target European energy companies using Windows.
According to the security firm, Furtim was released in May, but it remains an active threat. In their report published on Tuesday, the researchers added that they believe the malware was created by a government-hired hacker team, likely from Eastern Europe.
Udi Shamir, chief security officer (CSO) at SentinelOne, said that it’s normal to find reused code and malware on forums because “nobody tries to reinvent the wheel again and again and again.” However, in the current case, “it was very surprising to see such a sophisticated sample” appear in hacker forums on the dark web.
“This was not the work of a kid. […] It was cyberespionage at its best,” Shamir added.
Furtim actively tries to avoid the most common antivirus products, as well as sandboxes and virtual machines, in an attempt to evade detection and stay hidden for