
Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities


A Russia-linked state-sponsored threat actor known as Sandworm has been linked to a stealthy, three-year-long operation to hack targets by exploiting an IT monitoring tool called Centreon.

The intrusion campaign — which breached “several French entities” — is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French information security agency ANSSI in an advisory.

“On compromised systems, ANSSI discovered the presence of a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet,” the agency said on Monday. “This backdoor was identified as being the PAS webshell, version number 3.1.4. On the same servers, ANSSI found another backdoor identical to one described by ESET and named Exaramel.”

The Russian hacker group (also called APT28, TeleBots, Voodoo Bear, or Iron Viking) is said to be behind some of the most devastating cyberattacks in past years, including that of Ukraine’s power grid in 2016, the NotPetya ransomware outbreak of 2017, and the Pyeongchang Winter Olympics in 2018.


While the initial attack vector is not yet known, the compromise of victim networks was tied to Centreon, an application and network monitoring software developed by a French company of the same name.

Centreon, founded in 2005, counts Airbus, Air Caraïbes, ArcelorMittal, BT, Luxottica, Kuehne + Nagel, Ministère de la Justice français, New Zealand Police, PWC Russia, Salomon, Sanofi, and Sephora among its customers. It’s not clear how many or which organizations were breached via the software hack.

Compromised servers ran the CENTOS operating system (version 2.5.2), ANSSI said, adding that it found two different kinds of malware on them — one publicly available webshell called PAS, and another known as Exaramel, which has been used by Sandworm in previous attacks since 2018.

The web shell comes equipped with features to handle file operations, search the file system, interact with SQL databases, carry out brute-force password attacks against SSH, FTP, POP3, and MySQL, create a reverse shell, and run arbitrary PHP commands.

Exaramel, on the other hand, functions as a remote administration tool capable of shell command execution and copying files to and fro between an attacker-controlled server and the infected system. It also communicates using HTTPS with its command-and-control (C2) server in order to retrieve a list of commands to run.

In addition, ANSSI’s investigation revealed the use of common VPN services in order to connect to web shells, with overlaps in C2 infrastructure connecting the operation to Sandworm.

“The intrusion set Sandworm is known to lead consequent intrusion campaigns before focusing on specific targets that fits its strategic interests within the victims pool,” the researchers detailed. “The campaign observed by ANSSI fits this behaviour.”

In light of the SolarWinds supply-chain attack, it should come as no surprise that monitoring systems such as Centreon have become a lucrative target for bad actors to gain a foothold and laterally move across victim environments. But unlike the former’s supply chain compromise, the newly disclosed attacks differ in that they appear to have been carried out by leveraging internet-facing servers running Centreon’s software inside the victims’ networks.

“It is therefore recommended to update applications as soon as vulnerabilities are public and corrective patches are issued,” ANSSI warned. “It is recommended either not to expose these tools’ web interfaces to [the] Internet or to restrict such access using non-applicative authentication.”
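One way to apply the second recommendation, shown as an added example that comes neither from the ANSSI advisory nor from Centreon: it assumes the interface is served by Apache httpd 2.4 with mod_ssl under `/centreon`, and the administration network and password file path are placeholders. Access is gated at the web server (source network plus HTTP authentication over TLS), so a request that fails either check never reaches the application's PHP code.

```apache
# Constructed example. Assumptions: Apache httpd 2.4 with mod_ssl,
# monitoring UI under /centreon, admins connect from 10.20.0.0/24.

# Weak setting, kept commented out for comparison: the interface is
# reachable from any address and the application's own login form is
# the only barrier.
# <Location "/centreon">
#     Require all granted
# </Location>

# Corrected setting: authentication and source filtering happen in the
# web server, before any application code handles the request.
<Location "/centreon">
    # Refuse plain-HTTP requests so credentials are never sent in clear.
    SSLRequireSSL

    # Web-server-level ("non-applicative") authentication.
    AuthType Basic
    AuthName "Monitoring administration"
    AuthBasicProvider file
    # Placeholder path; create the file with htpasswd and keep it
    # outside the document root.
    AuthUserFile "/etc/httpd/monitoring-admins.htpasswd"

    # Both conditions must hold: known source network AND valid account.
    <RequireAll>
        Require ip 10.20.0.0/24
        Require valid-user
    </RequireAll>
</Location>
```

Denied requests are answered with 401 or 403 by the web server itself, so repeated 401/403 responses on this path in the access log are worth alerting on.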

In October 2020, the U.S. government formally charged six Russian military officers for their participation in destructive malware attacks orchestrated by this group, linking the Sandworm threat group to Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency that is part of the Russian Army.

 
