"Resecurity Warns about Cyber-Attacks on Data Center Service Providers"

The cybersecurity company Resecurity has released a report stating that, in September 2021, it alerted multiple data center organizations about malicious cyber activities being performed against them and their customers. Nation-state, criminal, and cyber espionage groups consider such organizations an attractive target due to their critical role in the enterprise supply chain. The affected parties and national computer emergency response teams in China and Singapore have been provided with information about this activity for further study and risk mitigation. Since major Fortune 500 companies are included in the observed data sets, additional updates received during 2022 and January 2023 have also been shared with US Law Enforcement. Some of these organizations are current Resecurity customers, and they were informed at the earliest stage of campaign development. Many of them saw it as posing a serious threat to their supply chain and began strengthening their incident response. In one of the cases reported to CNCERT/CC, it is likely that initial access was achieved using a vulnerable helpdesk module with a connection to other programs and systems, which could have enabled lateral movement. The attacker obtained a list of CCTV cameras with associated video stream identifiers, as well as operator and customer credentials. Using the customer credentials, the actor actively probed the customer panels to get information on the enterprise customers' representatives who manage data center operations, a list of purchased services, and deployed equipment. This article continues to discuss Resecurity's warning about the increase of malicious cyber activity targeting data center service providers. 

Security Affairs reports "Resecurity Warns about Cyber-Attacks on Data Center Service Providers"