France's ANSSI warns of a long-running Sandworm campaign

The CyberWire


French authorities, specifically the information security agency ANSSI, said yesterday that they had determined a Russian threat actor has been active against French targets from 2017 to 2020. ANSSI didn't flatly say which group was responsible, but it did note, according to Reuters, that similar tactics, techniques, and procedures had been seen in use by Sandworm, also known as Voodoo Bear, an operation belonging to Russia's GRU military intelligence service. ANSSI has also made a detailed technical report available. The attackers dropped backdoors as web shells in their targets. The operation appears to have been another software supply chain attack, with the attackers working their way in through Centreon products used for IT monitoring. ANSSI didn't say how many victims there had been, but the agency indicated that most of them were IT service firms, especially web hosting providers. The similarity in targeting and approach to the Solorigate campaign in the US is obvious. Centreon's customer profile is similar to that of SolarWinds: the Paris-based firm lists more than 600 customers worldwide, including local and regional government agencies. There's no informed official conjecture about the goals of the campaign that exploited Centreon yet, but Wired quotes industry experts as observing that Sandworm has a track record of disruption and destruction and hasn't confined itself to simple data theft. Centreon hadn't, as of this morning, posted any statement about the incident to its website. Wired says Centreon emailed it to say that it was too soon to say whether the campaign represented an ongoing threat or whether it had been stopped by the patches and upgrades Centreon regularly issues. Voodoo Bear, thought of as Fancy Bear's daughter, is known for going after industrial control systems, especially those associated with power generation and distribution. Its most well-known tool is the BlackEnergy malware kit. The threat actor is widely believed to have been responsible for both the 2008 distributed denial-of-service attacks against Georgia and the 2015 action against a portion of Ukraine's power grid.

To return to Solorigate: the investigation and mop-up of the very large and presumably very damaging cyber espionage campaign against US targets continues. CBS's 60 Minutes this weekend featured the SolarWinds compromise and highlighted both the scope of the attack and the effort that went into conducting it. Microsoft president Brad Smith said, quote, "I think from a software engineering perspective, it's probably fair to say that this is the largest and most sophisticated attack the world has ever seen," end quote. He added that Microsoft believed at least a thousand engineers were involved in mounting the attack. How Microsoft arrived at that figure is unclear, and while it's probably better to read "a thousand" as "a lot" and not as a rigorously supportable quantification of the human capital Russian intelligence applied to the task, it is in any case a lot.

A member of South Korea's parliamentary intelligence committee told Reuters that he'd been briefed on an attempt by North Korean operators to breach Pfizer and steal information on the company's COVID-19 vaccine development. Ha Tae-keung said that the Republic of Korea's National Intelligence Service briefed him on the attempted espionage, and that the apparent motive was financial. Pyongyang is looking more to its criminal revenue stream, not to public health in the DPRK.

Last week Bloomberg renewed its reporting on an alleged Chinese hardware backdoor allegedly found on Supermicro products. The report was greeted with more skepticism than such reports usually are, since the earliest versions of the story, published initially in 2018, generally went unconfirmed by organizations that would have been in a position to confirm them. Supermicro issued a statement about the Bloomberg story which says in part, quote, "Bloomberg's story is a mishmash of disparate and inaccurate allegations that date back many years. It draws far-fetched conclusions that once again don't withstand scrutiny. In fact, the National Security Agency told Bloomberg again last month that it stands by its 2018 comments, and the agency said of Bloomberg's new claims that it cannot confirm that this incident or the subsequent response actions described ever occurred. Despite Bloomberg's allegations about supposed cyber or national security investigations that date back more than ten years, Supermicro has never been contacted by the US government or by any of our partners or customers about these alleged investigations," end quote.

To round out the familiar four of bad-actor nation-states, researchers at security firm Anomali report a Static Kitten sighting. The threat group, believed to be run by Tehran, has been targeting government agencies in the United Arab Emirates, phishing them with the goal of installing ScreenConnect remote access tools on the systems used by its Emirati targets. The phishbait is usually an Israeli-themed geopolitical lure; the emails masquerade as communications from Kuwait's foreign ministry, and the phishhook itself is similar to those used previously in Operation Quicksand.

There's not much new to report about the Oldsmar, Florida water utility sabotage attempt. Local authorities in Oldsmar have grown increasingly tight-lipped about the attack on the town's water system, with the Pinellas County sheriff discouraging any municipal officials from discussing what is, as they say, an ongoing investigation. Detectives are on the case, they say, and the sheriff wants the public to understand that it was never in any danger.