Business-oriented threat involving ‘several types of malware all at once’ remains active

A malware campaign that prompted an FBI alert in April has amounted to more than 10,000 attacks against at least 200 targets worldwide, according to cybersecurity researchers.

The threat involves “several types of malware all at once,” including cryptominers and keyloggers, against a wide range of victims, such as “government agencies, agricultural organizations, and wholesale and retail trade companies,” cybersecurity firm Kaspersky reported on Wednesday.

Neither the FBI nor Kaspersky has publicly attributed the campaign to a known cyberthreat group. The emphasis is on enterprises that provide business-to-business (B2B) products and services, Kaspersky said.

“We were still finding new versions at the time of writing, so the threat to B2B is still live,” the researchers said. “Enterprise resources and data remain at risk.”

The original alert from the FBI — issued April 28 directly to government agencies and businesses — said the malware campaign was spotted targeting “the products of a distributor of equipment to government, law enforcement, and non-profit organizations.”

Moscow-based Kaspersky said U.S. incidents were “isolated.” Most of the attacks the researchers spotted were aimed at organizations in Russia, Saudi Arabia, Vietnam, Brazil and Romania.

The hackers’ goal is to secretly use a target’s network resources to mine Monero cryptocurrency, steal data and set up other malware to allow for further access, Kaspersky said. Compromised devices “are infected with a backdoor and a keylogger that captures passwords and other keyboard input.”

Although financial gain appears to be the hackers’ priority, and not destructive attacks, Kaspersky said businesses should be vigilant about such activity.

“Even if a cryptominer infection seems insignificant to you, bear in mind that if actors were able to inject a miner into your corporate infrastructure, they could do the same with more dangerous software,” Kaspersky said.