Sandworm Hackers Hit French Monitoring Software Vendor Centreon

Russia-Linked Threat Group Caught Deploying Backdoors on Linux Servers in an Attack That Triggers New Conversations on Software Supply Chain Security


The French National Agency for the Security of Information Systems (ANSSI) is publicly blaming the notorious Sandworm APT group for a series of long-term hacking attacks against multiple IT and web hosting shops in Europe.


According to a technical advisory released by ANSSI, the data breaches date back to 2017 and include the eyebrow-raising compromise of Centreon, an IT monitoring software provider widely embedded throughout government organizations in France.


The agency did not say whether the Centreon compromise was part of a supply-chain attack, but the decision to publicly identify the Sandworm attackers triggers new conversations about the group’s previous software supply chain targeting in high-profile APT attacks.


Documented research has linked the Sandworm team to a government-backed Russian APT group tied to separate attacks against Ukrainian targets in 2015 and 2017, and the 2018 cyberattack on the Winter Olympics opening ceremony.



The French agency released a detailed technical report on the Centreon hack, which targeted Linux servers running the CentOS operating system. While the initial compromise method remains unknown, ANSSI said the attackers deployed two backdoors and that the campaign “has many similarities to previous campaigns of the Sandworm modus operandi.”


The agency also found known Sandworm-controlled servers being used as part of the command-and-control infrastructure for the four-year-old infiltrations of French and European entities.


“Generally speaking, the intrusion set Sandworm is known to lead consequent intrusion campaign ..
