Mar 13 2021

The fire in the OVH datacenter also impacted APTs and cybercrime groups

Category: APT, Cybercrime, data security | DISC @ 3:24 pm

OVH, one of the largest hosting providers in the world, suffered a terrible fire this week that destroyed its data centers located in Strasbourg. The French site in Strasbourg includes 4 data centers, SBG1, SBG2, SBG3, and SBG4, all of which were shut down due to the incident; the fire started in SBG2.

The fire impacted the services of a large number of OVH's customers; for this reason, the company urged them to implement their disaster recovery plans.

Nation-state groups were also impacted by the incident. Costin Raiu, the Director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab, revealed that 36% of 140 OVH servers used by various threat actors as C2 servers went offline. The servers were used by cybercrime gangs and APT groups, including the Iran-linked Charming Kitten and APT39 groups, the Bahamut cybercrime group, and the Vietnam-linked OceanLotus APT.

Of course, the incident only impacted a small portion of the command and control infrastructure used by multiple threat actors in the wild. Almost every group relies on multiple service providers and bulletproof hosting to make its C2 infrastructure more resilient to takedowns carried out by law enforcement agencies with the help of security firms.

“In the top of ISPs hosting Command and control infrastructure, OVH is in the 9th position, according to our tracking data. Overall, they are hosting less than 2% of all the C2s used by APTs and sophisticated crime groups, way behind other hosts such as CHOOPA,” Raiu told The Reg.


“I believe this unfortunate incident will have a minimal impact on these groups' operations; I’m also taking into account that most sophisticated malware has several C2s configured, especially to avoid take-downs and other risks. We’re happy to see nobody was hurt in the fire and hope OVH and their customers manage to recover quickly from the disaster.”


Tags: OVH datacenter