3rd Party Risk Management
Inetum Ensures Log4J Vulnerability was Not Exploited
French IT services firm Inetum Group is confirming that it was subjected to a ransomware attack last week that disrupted certain operations.
See Also: Preparing CISOs for Emerging Email Threats in 2022 and Beyond: Featuring Gartner® Analyst and Fox
Inetum Group says it was the target of a ransomware virus attack on Dec. 19, that impacted its operations in France, however, ruled out any links to the Log4j vulnerability.
The company said that none of its infrastructures, communication, collaboration tools or delivery operations for their clients were affected.
“Within the affected perimeter, all servers have been isolated and client VPNs have been switched off. Following these initial measures and as a precaution, the dedicated crisis unit within the Group immediately asked Inetum’s operational teams to deactivate certain client interconnections deemed sensitive at the time,” the company says.
The company also states that it has identified the signature of the unnamed ransomware group, which it says it has communicated to the competent authorities at France’s National Information Systems Security Agency, which is the country’s main cybersecurity agency.
“Inetum has already notified the prosecuting authorities and is working closely with their specialized cybercrime units. The Inetum Group has also decided to call in a Security Incident Response service to benefit from the support of a trusted third party,” according to the company.
Inetum Group operates in more than 26 countries, the Group has nearly 27,000 employees and in 2020 generated revenues of €1.966 billion ($2.2 billion), according to its website https://www.inetum.com/en/Inetum.
The company provides digital services to customers in various sectors including aerospace and defense, chemicals and life sciences, banking, automotive, energy and utilities, healthcare, insurance, retail, public sector, logistics, telecom and others.
A Inetum Group spokesperson could not be immediately reached for comment on Saturday.
The company did not disclose the ransomware group, but Valéry Rieß-Marchive, the editor-in-chief at French publication LeMagIt says that the new BlackCat ransomware, also known as ALPHV and Ransom.Noberus, behind the attack at Inetum Group.
Symantec, a division of Broadcom Software, which spotted the ransomware on a victim organization on Nov. 18, saw three variants of Noberus deployed by the attackers over the course of that attack.
“Noberus is an interesting ransomware because it is coded in Rust, and this is the first time we have seen a professional ransomware strain that has been used in real-world attacks coded in this programming language,” according to Threat Hunter Team at Symantec.
The operators behind the ransomware also carry out a typical double extortion ransomware attacks where they first steal information from victim networks before encrypting files. In addition, Noberus adds the .sykffle extension to encrypted files.
Symantec also reported that the developers behind this ransomware are seeking affiliates on Russian-speaking hacking forums, which they assume that the number of malicious actors deploying this ransomware is likely to grow.
Other French Victims
Earlier this year, French security vendor Stormshield launched an investigation after an internal review found that hackers accessed the source code of the company’s network security product (see: French Security Firm Says Hackers Accessed Its Source Code).
Stormshield acknowledged the company had sustained a breach and that unknown hackers had accessed the source code of its Stormshield Network Security product.
The firm supplies firewalls and other products to the French government and the military, and some of its tools carry the highest certification issued by ANSSI, the country’s main cybersecurity agency.
In Oct. 2020, French IT services firm Sopra Steria confirmed that its internal infrastructure sustained a ransomware attack that disrupted its operations, with a full recovery expected to take weeks (see: French IT Services Firm Confirms Ryuk Ransomware Attack).
Sopra Steria said it was hit with a variant of the Ryuk ransomware strain on Oct. 20. The company said, however, that there is no evidence any customer or company data has leaked or that there has been any damage to any customers’ systems that the company manages.