July 13, 2016
A new piece of malware has been discovered on the information networks of an unnamed European energy company.
It appears quite sophisticated according to Sentinel One Labs, which discovered it. SFG, as Sentinel One Labs call it, not only collects information on the infected system but also opens a backdoor through which a destructive payload could be launched. Sentinel One speculates that it could deliver malware to “potentially shut down an energy grid”.
It affects all versions of Windows and was produced, by what the researchers believe to be multiple developers, to bypass next-generation firewalls and anti-virus software. Furthermore, the malware shuts itself down when it detects that it is running in a sandboxed environment or a virtual machine, in order to escape the notice of security teams.
This piece of malware, according to the disclosing blog post, “exhibits traits seen in previous nation-state Rootkits, and appears to have been designed by multiple developers with high-level skills and access to considerable resources”.