US cyber agency confirms exploitation of Supervisory Control and Data Acquisition software in both Windows & Linux.
The US Cybersecurity & Infrastructure Security Agency has added a more than four-year-old vulnerability in the open source ScadaBR, a piece of Supervisory Control and Data Acquisition software designed to help users create and monitor control systems via a web browser.
CVE-2021-26829 was one of a pair of vulnerabilities in the software initially disclosed in June 2021. The vulnerability impacted ScadaBR 0.9.1 on Linux and ScadaBR 1.12.4 on Windows, and it could allow a remote attacker to execute stored XSS attacks via the system_settings.shtm page.
The vulnerability was given a CVSS score of 6.5 at the time, making it a Medium Severity flaw.
Cyber security firm Forescout reported exploitation of CVE-2021-26829, with a Russian-linked group known as TwoNet the culprit.
Thankfully, the hackers were unaware they were accessing a honeypot monitored by Forescout, not the “water treatment facility” the hackers eventually claimed to have hacked on their Telegram channel.
The attack developed over 26 hours, with TwoNet eventually abusing CVE-2021-26829 to deface the honeypot’s login page so that it popped up an alert reading “HACKED BY BARLATI, FUCK” when a user visited the page.
“The attacker did not attempt privilege escalation or exploitation of the underlying host, focusing exclusively on the web application layer of the [human machine interface],” Forescout said in an October 9 blog post.
“According to a message posted in the affiliated group, CyberTroops’ chat, TwoNet announced it was ceasing operations on September 30th. As of this writing, TwoNet’s Telegram channels – and handles commonly associated with the group, including “BARLATI” and “DarkWarios” – are no longer reachable,” Forescout said.
“This underscores the ephemeral nature of the ecosystem where channels and groups are short-lived, while operators typically persist by rebranding, shifting alliances, joining other groups, learning new techniques, or targeting other organisations.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.