New findings released last week showcase the overlapping source code and techniques between the operators of Shamoon and Kwampirs, indicating that they “are the same group or really close collaborators.”
“Research evidence shows identification of co-evolution between both Shamoon and Kwampirs malware families during the known timeline,” Pablo Rincón Crespo of Cylera Labs said.
“If Kwampirs is based on the original Shamoon, and Shamoon 2 and 3 campaign code is based on Kwampirs, […] then the authors of Kwampirs would be potentially the same as the authors of Shamoon, or must have a very strong relationship, as has been seen over the course of many years,” Rincón Crespo added.