The Labs team at malware protection company SentinelOne has discovered a sophisticated malware campaign that’s specifically targeting at least one European energy company.
The malware, called SFG, is the mother ship of an earlier sample called Furtim. It targets industrial automation control systems and acts as a dropper, delivering a payload that could be used to extract data or potentially shut down the energy grid.
The malware has been built to run on any version of Microsoft Windows and is carefully designed to bypass traditional antivirus software and firewalls, including products that rely on both static and heuristic detection. It also checks whether it is running inside a sandbox or on a system protected by biometric access controls. If it detects either, it re-encrypts itself and stays dormant until it is no longer in the sandbox, so that security analysts cannot observe its behaviour.