Sign In

Communications of the ACM

ACM TechNews

France Ties Russia's Sandworm to Multiyear Hacking Spree


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Logo of Agence nationale de la scurit des systmes d'information, the French National Agency for the Security of Information Systems.

France's Agence nationale de la scurit des systmes d'information (French National Agency for the Security of Information Systems) warns that hackers with tools and techniques linking them to Russia's Sandworm military hackers have stealthily hacked targets in France by exploiting an IT monitoring tool, and appear to have gotten away with it undetected for as long as three years.

Credit: Eric Piermont

The French National Agency for the Security of Information Systems (Agence nationale de la sécurité des systèmes d'information in French, or ANSSI) said attackers with tools and techniques associated with Russia's Sandworm military hackers have apparently been compromising French targets for as long as three years, escaping detection by exploiting servers running the Centreon information technology (IT) monitoring software.

The agency said targets were "mostly" IT firms and Web hosting companies, and it cited two different pieces of malware on Centreon-running servers: a publicly available backdoor called PAS, and Exaramel, which Sandworm used in a previous exploit, according to Slovakian cybersecurity firm ESET.

ANSSI also reported overlap in command and control servers used in the Centreon hacking campaign and prior Sandworm hacks.

Joe Slowik at security firm DomainTools said Sandworm is connected with destructive campaigns, which makes ANSSI's findings alarming.

Slowik added that the exploits appear to have been executed by hacking Internet-facing servers running Centreon's software within victims' networks.

From Wired
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found