As mentioned above, the intrusions are associated with the Centreon monitoring platform, developed by the French company of the same name. In essence, this product is almost identical in functionality to SolarWinds’ Orion platform, which was reported to have been compromised last December.
Centreon’s clients include many well-known organizations, such as Airbus, Air France, KLM, Agence France-Presse (AFP), Euronews, Orange, Arcelor Mittal, Sephora and even the French Ministry of Justice.
“The attackers attacked Centreon systems accessible over the Internet, but it remains unclear whether the hackers exploited some vulnerability in Centreon or brute-forced passwords for administrator accounts,” write ANSSI experts.
We only know that many of the victims were using the latest versions of Centreon, and what happened was not a supply chain attack, as in the case of SolarWinds.
When an attack succeeded, the attackers infected the system with the PAS web shell and the Exaramel backdoor Trojan, which gave them full control of the compromised system and the adjacent network.
ANSSI is now urging all French and international organizations to check their Centreon installations and systems for compromise and the presence of PAS and Exaramel malware.
At the end of 2020, the US Department of Justice indicted six Russian citizens who were allegedly part of the Sandworm group.
The American authorities claim that all the defendants serve in Unit 74455 of the Main Intelligence Directorate of Russia and, on the orders of the Russian government, have carried out cyberattacks with the aim of destabilizing other countries, interfering in their domestic politics, and causing damage and monetary losses.
The US Department of Justice connects the Sandworm group with attacks on critical infrastructure in Ukraine, elections in France, the Olympic Games in Pyeongchang, the development of the NotPetya ransomware and other incidents.