Featured the cyberwire

Published on February 17th, 2021

Centreon discusses the Sandworm incident. Skepticism about the “Big Hack.” Patch news.


Centreon, the firm whose IT resource monitoring tool France's ANSSI identified as compromised in what appears to be a Russian operation, yesterday provided an update on its own investigation. The software in question is an older version of the tool that's been unsupported for the last five years. (There have been eight updates since that version reached its end-of-life.) The company says that none of its current customers were affected, and that the fifteen "entities" that were afflicted by Sandworm's backdoor were all using open source versions of the obsolete software.

ZDNet reports that the backdoor found in the open source version of Centreon software was Exaramel, malware that bears some similarity to Industroyer. ESET offers some background and context, describing how they found Exaramel "at the heart of Industroyer" during their 2018 investigation of Russia's 2016 cybersabotage of Ukraine's power grid. As BleepingComputer reports, it's unclear how the threat actor succeeded in compromising the software.

Fortune summarizes the current state of opinion about Bloomberg's renewal of its story on the alleged discovery of Chinese hardware backdoors in Supermicro chips. Fortune notes that the current version relies on secondhand and anonymous sources, "which does not inspire confidence."





Microsoft has pulled one of the fixes it published on Patch Tuesday last week and issued an update for it. Threatpost reports that "This particular defective update (KB4601392) applied to Windows 10 users (version 1607 for 32-bit and x64-based systems) and Windows Server 2016 users."

CISA yesterday issued four new Advisories on industrial control systems.
