The French National Agency for the Security of Information Systems (Agence nationale de la sécurité des systèmes d'information in French, or ANSSI) said attackers with tools and techniques associated with Russia's Sandworm military hackers have apparently been compromising French targets for as long as three years, escaping detection by exploiting servers running the Centreon information technology (IT) monitoring software.
The agency said targets were "mostly" IT firms and Web hosting companies, and it cited two different pieces of malware on Centreon-running servers: a publicly available backdoor called PAS, and Exaramel, which Sandworm used in a previous exploit, according to Slovakian cybersecurity firm ESET.
ANSSI also reported overlap in command and control servers used in the Centreon hacking campaign and prior Sandworm hacks.
Joe Slowik at security firm DomainTools said Sandworm is connected with destructive campaigns, which makes ANSSI's findings alarming.
Slowik added that the exploits appear to have been executed by hacking Internet-facing servers running Centreon's software within victims' networks.
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found