
Communications of the ACM

ACM TechNews

France Ties Russia's Sandworm to Multiyear Hacking Spree


Logo of Agence nationale de la sécurité des systèmes d'information, the French National Agency for the Security of Information Systems.

France's Agence nationale de la sécurité des systèmes d'information (French National Agency for the Security of Information Systems) warns that hackers with tools and techniques linking them to Russia's Sandworm military hackers have stealthily hacked tar

Credit: Eric Piermont

The French National Agency for the Security of Information Systems (Agence nationale de la sécurité des systèmes d'information in French, or ANSSI) said attackers with tools and techniques associated with Russia's Sandworm military hackers have apparently been compromising French targets for as long as three years, escaping detection by exploiting servers running the Centreon information technology (IT) monitoring software.

The agency said targets were "mostly" IT firms and Web hosting companies, and it cited two different pieces of malware on Centreon-running servers: a publicly available backdoor called PAS, and Exaramel, which Sandworm used in a previous exploit, according to Slovakian cybersecurity firm ESET.

ANSSI also reported overlap in command and control servers used in the Centreon hacking campaign and prior Sandworm hacks.

Joe Slowik at security firm DomainTools said Sandworm is connected with destructive campaigns, which makes ANSSI's findings alarming.

Slowik added that the exploits appear to have been executed by hacking Internet-facing servers running Centreon's software within victims' networks.

From Wired

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 
