Sunday, April 11, 2021
Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities

by Nhan Nguyen

A Russia-linked state-sponsored threat actor known as Sandworm has been tied to a stealthy, three-year-long operation to hack targets by exploiting an IT monitoring tool called Centreon.

The intrusion campaign — which breached “several French entities” — is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French information security agency ANSSI in an advisory.

“On compromised systems, ANSSI discovered the presence of a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet,” the agency said on Monday. “This backdoor was identified as being the PAS webshell, version number 3.1.4. On the same servers, ANSSI found another backdoor identical to one described by ESET and named Exaramel.”

The Russian hacker group (also called APT28, TeleBots, Voodoo Bear, or Iron Viking) is said to be behind some of the most devastating cyberattacks in past years, including that of Ukraine’s power grid in 2016, the NotPetya ransomware outbreak of 2017, and the Pyeongchang Winter Olympics in 2018.

While the initial attack vector is as yet unknown, the compromise of victim networks was tied to Centreon, an application and network monitoring software developed by a French company of the same name.

Centreon, founded in 2005, counts Airbus, Air Caraïbes, ArcelorMittal, BT, Luxottica, Kuehne + Nagel, Ministère de la Justice français, New Zealand Police, PWC Russia, Salomon, Sanofi, and Sephora among its customers. It’s not clear how many or which organizations were breached via the software hack.

Compromised servers ran the CENTOS operating system (version 2.5.2), ANSSI said, adding that it found two different kinds of malware on them: a publicly available webshell called PAS, and another known as Exaramel, which has been used by Sandworm in previous attacks since 2018.

The web shell comes equipped with features to handle file operations, search the file system, interact with SQL databases, carry out brute-force password attacks against SSH, FTP, POP3, and MySQL, create a reverse shell, and run arbitrary PHP commands.

Exaramel, on the other hand, functions as a remote administration tool capable of shell command execution and copying files to and fro between an attacker-controlled server and the infected system. It also communicates using HTTPS with its command-and-control (C2) server in order to retrieve a list of commands to run.

In addition, ANSSI’s investigation revealed the use of common VPN services in order to connect to web shells, with overlaps in C2 infrastructure connecting the operation to Sandworm.

“The intrusion set Sandworm is known to lead consequent intrusion campaigns before focusing on specific targets that fits its strategic interests within the victims pool,” the researchers detailed. “The campaign observed by ANSSI fits this behaviour.”

In light of the SolarWinds supply-chain attack, it should come as no surprise that monitoring systems such as Centreon have become a lucrative target for bad actors to gain a foothold and laterally move across victim environments. But unlike the former’s supply chain compromise, the newly disclosed attacks differ in that they appear to have been carried out by leveraging internet-facing servers running Centreon’s software inside the victims’ networks.

“It is therefore recommended to update applications as soon as vulnerabilities are public and corrective patches are issued,” ANSSI warned. “It is recommended either not to expose these tools’ web interfaces to [the] Internet or to restrict such access using non-applicative authentication.”
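As an added illustration of that recommendation (not code from ANSSI, Centreon, or the original article), the following sketch reviews web-server access logs for two signs that a monitoring interface is exposed or has had a script dropped on it: requests arriving from outside a management range, and successful hits on PHP files missing from a known-good baseline. The `/centreon/` paths, the management range, the baseline set, and the log lines are all constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumptions (hypothetical values, not taken from the ANSSI advisory)
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # admin range allowed to reach the UI
BASELINE_PHP = {"/centreon/index.php", "/centreon/main.php"}  # scripts shipped with the install

# Apache/nginx "combined" access-log format
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def review(lines):
    """Return (line_no, ip, path, reasons) for each request worth triaging."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is a hostname, not an address
        path = urlsplit(m["target"]).path
        reasons = []
        if not any(ip in net for net in MGMT_NETS):
            reasons.append("source-outside-management-range")
        if (path.lower().endswith(".php") and path not in BASELINE_PHP
                and m["status"] == "200"):
            reasons.append("php-script-not-in-baseline")
        if reasons:
            findings.append((n, m["ip"], path, reasons))
    return findings

# Constructed sample log lines (documentation-range addresses, made-up file name)
SAMPLE = [
    '10.20.0.15 - admin [16/Feb/2021:09:00:01 +0100] "GET /centreon/main.php?p=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Feb/2021:03:12:44 +0100] "POST /centreon/img/example.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [16/Feb/2021:03:15:02 +0100] "GET /centreon/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Any hit on the first rule means the interface is reachable from networks it should not be; a hit on the second warrants comparing the file on disk against the vendor package.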

In October 2020, the U.S. government formally charged six Russian military officers for their participation in destructive malware attacks orchestrated by this group, linking the Sandworm threat group to Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency that is part of the Russian Army.
