Security News > 2021 > February > France links Russian Sandworm hackers to hosting provider attacks
The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group.
According to the French cyber-security agency, the campaign shows several similarities to behavior observed while analyzing previous Sandworm attacks, including intrusion campaigns before choosing one of the victims for further compromise.
ANSSI has not been able to determine how the servers were compromised, so it is not clear if the attackers exploited a vulnerability in the exposed Centreon software or the victims were compromised through a supply chain attack.
"Compromised servers identified by ANSSI ran the CENTOS operating system. Centreon was recently updated," ANSSI added.
Sandworm is an elite Russian backed cyberespionage group active since the mid-2000s, with members believed to be military threat actors part of Unit 74455 of the Russian GRU's Main Center for Special Technologies.
In October 2020, the U.S. Justice Department charged six Sandworm operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the NotPetya ransomware attack.
News URL
Related news
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- BadPilot network hacking campaign fuels Russian SandWorm attacks (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)