Hacker attacks on France: The dangerous Houken campaign exposes weaknesses!

France's ANSSI warns of the Houken hacking campaign, which exploits zero-day vulnerabilities in Ivanti. Attacks on critical sectors.


France - Over the past few months, the cyber security landscape in France has been in turmoil. The cause is a hacking campaign that the French cyber security authority ANSSI has examined closely. It reports a series of attacks directed specifically against government, care and private sectors in the country. The attacks relied on several zero-day vulnerabilities in the Ivanti Cloud Service Appliance, which the attackers targeted to reach sensitive networks. These vulnerabilities, documented as CVE-2024-8190, CVE-2024-8963 and CVE-2024-9380, allowed the attackers to gain access to valuable data and set alarm bells ringing at the security authorities. The first activities of this threat actor, known under the code name "Houken", were registered as early as September 2024. ANSSI suspects that Houken is operated by an actor connected to the attacks tracked under the designation UNC5174 and previously analyzed by Mandiant. This form of cybercrime could be organized by a private entity that resold the information it collected to state-related bodies.

The Houken attacks were clearly targeted: organizations in the areas of government, telecommunications, media, finance and transport. ANSSI has documented that these attackers were particularly skilled in using advanced techniques for network penetration. They used not only zero-day vulnerabilities but also a comprehensive toolkit of malicious tools, including modified PHP webshells and even custom Linux rootkits that were able to hijack TCP traffic.

The evolution of the attacks

The damage report on Houken shows that the attackers also distinguished themselves through lateral movement or credential harvesting, which means that they not only logged into systems but also tried to obtain further privileges. One case of data exfiltration was even reported, in which large volumes of emails were taken from the Ministry of Foreign Affairs of a South American country. The technical and operational expertise of the attackers indicates a "multi-party approach", which underlines the complexity of their methods.

ANSSI also found a significant lack of segmentation in many of the affected systems. This makes it clear that many organizations have taken inadequate security precautions and that the risks can take on unpleasant proportions. The investigation shows that Houken's infrastructure is not only deep but also strategically thought out: commercial VPNs, dedicated servers and various IP addresses from different countries form the backbone of their activities. It is a worrying development that puts the entire industry under pressure.

Why the focus on zero-day vulnerabilities?

The year 2023 showed that cyber attacks are primarily due to the use of zero-day vulnerabilities. According to a report, 97 such vulnerabilities were identified that year, an increase of over 50 percent compared to the previous year. These vulnerabilities were not limited to end-user platforms: enterprise-oriented technologies were also affected, which underlines the need to improve security measures and act more proactively. Many of these zero-days were used by espionage actors, with China playing a leading role.

Given the clear focus on zero-day vulnerabilities and the current developments around the Houken attacks, it is essential for companies to improve their security protocols and remain vigilant. The threat from Houken and similar actors persists and increases the pressure on organizations worldwide. Zero-days are used not only as a tool for espionage but also for financial gain, which poses a serious strategic challenge.

A look at the threat from Houken ultimately shows that times are not getting easier for cyber security professionals. As ANSSI and other security analysts summarize, the situation remains tense, and it is to be expected that such attackers will continue to take advantage of weaknesses in system security. As technologies continue to develop, defense mechanisms must keep up.

For further details on the vulnerabilities concerned and the overall risk situation, the complete reports can be found at The Record, Security Online and Security Insider (https://www.security-insider.de/zero-schwachstellen-2023-analysis-dlage-a-51795735b91efcce6223265f17/).
