Researchers have identified a 64-bit version of Windows malware called Havex, which has been used for espionage purposes against the industrial and energy sector as well as to target pharmaceutical companies.
“Dragonfly,” the attack group leveraging Havex, had previously been known to use versions of the malware compatible only with 32-bit versions of the platform, because most targeted systems ran Windows XP, which had reached end of support, Trend Micro said Monday.
The company, however, found two infections running on Windows 7 64-bit systems, which it dissects on its blog.
In one infection, researchers saw that a version of Havex (v023) was previously a 64-bit file, but was “upgraded to a 32-bit v029 Havex RAT.” It also appeared that the malware versions may have shared infrastructure.
Trend Micro advised ICS operators to validate software installed on endpoints and continuously monitor HTTP traffic.