
"Forescout said the short-lived TwoNet hacktivist group fell for one of its researchers' honeypots, designed to look like a water treatment plant to a remote attacker. Although the intrusion turned out to be an embarrassing own goal for TwoNet, which went on to brag about its endeavours on the messaging and social media app, Forescout's warning is very real. The attack was benign in this case. However, in a real-world scenario, it would have been anything but."
"TwoNet initially gained access to the fake water treatment facility by abusing default credentials on the honeypot's human-machine interface (HMI) before enumerating the system's databases and establishing persistence. It then went on to exploit a vulnerability (CVE-2021-26829, CVSS 5.4), allowing it to deface the HMI login screen, and later carry out its disruptive processes, such as disabling real-time updates. TwoNet first popped up in January, primarily focused on DDoS attacks using the MegaMedusa Machine malware, Intel471 said."
Security researchers lured pro-Russia cybercriminals into attacking a honeypot built to resemble a water treatment plant. The TwoNet group used default HMI credentials to gain access, enumerated databases, and established persistence. The crew exploited CVE-2021-26829 (CVSS 5.4) to deface the HMI login screen and disable real-time updates, alarms, and logs. Attackers believed they had compromised critical infrastructure within 26 hours and proceeded to tamper with key systems. The intrusion proved benign because the target was a decoy, but similar tactics against actual facilities would pose severe risks. TwoNet previously focused on DDoS and reemerged on Telegram before shutting down channels.
Read at Theregister