FBI PIN: Kwampirs Malware Employed in Ongoing Supply Chain Campaign Targeting Global Industries

Created: Tuesday, March 31, 2020 - 12:44
Categories: Cybersecurity

The FBI has published a Private Industry Notification (PIN) on Kwampirs, a remote access Trojan the FBI says has heavily targeted several industries, including energy and the software supply chain. As described in the PIN, a Kwampirs campaign employs a two-phased approach. The first phase establishes a broad and persistent presence on the targeted network, including the delivery and execution of secondary malware payload(s). The second phase includes the delivery of additional Kwampirs components or malicious payload(s) to further exploit the infected victim host(s). The PIN provides further details about Kwampirs, along with recommendations for network security and defense and for post-infection actions.

WaterISAC has previously provided information on Kwampirs, including regarding two FBI FLASH messages (the first published on January 6, 2020, and the second on February 5).

Attached Files: Kwampirs_PIN_20200330-001.pdf