A hacktivist group called TwoNet shifted from launching DDoS attacks to targeting critical infrastructure, including a fake water treatment facility used as a honeypot. Their activities reveal an evolving threat landscape where cybercriminals engage in both hacktivism and operational technology (OT) attacks. #TwoNet #CVE2021-26829
Key points
- TwoNet initially employed DDoS attacks before targeting critical infrastructure like water treatment facilities.
- The group accessed a honeypot system using default credentials and exploited a known XSS vulnerability (CVE-2021-26829).
- The attackers created a new user and disrupted system processes by disabling logs and alarms.
- Researchers observed that TwoNet focused on the web application layer, avoiding privilege escalation or host exploitation.
- Forescout advises critical infrastructure organizations to implement strong authentication, network segmentation, and protocol-aware detection to mitigate risks.
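The activity chain in the key points (default-credential login, then user creation, then disabling logs and alarms, all at the web application layer) is the kind of sequence a protocol- or application-aware detector can correlate per session. The following detection logic is an added example, not code from Forescout or the report; the HMI audit-log format, the default-account list and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed audit-log format of a hypothetical HMI web application (assumption):
#   <timestamp> session=<id> user=<name> action=<verb> [target=<x>] [result=<r>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) session=(?P<sid>\S+) user=(?P<user>\S+) action=(?P<action>\S+)"
    r"(?: target=(?P<target>\S+))?(?: result=(?P<result>\S+))?$"
)

# Vendor/default accounts that should never authenticate on a production HMI (assumed list).
DEFAULT_ACCOUNTS = {"admin", "operator", "guest"}

# Actions the report describes after the login: account creation, then disabling
# the evidence (logs) and the operator's warning (alarms).
TAMPER_ACTIONS = {"create_user", "disable_logging", "disable_alarms"}


def parse(line):
    """Parse one audit line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(lines):
    """Return {session_id: [findings]} for every session that authenticated with a
    default account and then performed at least one tampering action."""
    sessions = defaultdict(list)
    for raw in lines:
        ev = parse(raw)
        if ev:
            sessions[ev["sid"]].append(ev)

    findings = {}
    for sid, events in sessions.items():
        login = next((e for e in events if e["action"] == "login"
                      and e["result"] == "success"
                      and e["user"] in DEFAULT_ACCOUNTS), None)
        if login is None:
            continue  # a default-account login is the precondition for this rule
        tampering = [e["action"] for e in events if e["action"] in TAMPER_ACTIONS]
        if tampering:
            findings[sid] = ["default-account login as %s" % login["user"]] + tampering
    return findings


SAMPLE_LOG = [  # constructed sample lines: s1 mirrors the reported chain, s2 is benign
    "2024-01-01T10:00:00Z session=s1 user=admin action=login result=success",
    "2024-01-01T10:01:10Z session=s1 user=admin action=create_user target=maint",
    "2024-01-01T10:02:00Z session=s1 user=admin action=disable_logging",
    "2024-01-01T10:02:30Z session=s1 user=admin action=disable_alarms",
    "2024-01-01T11:00:00Z session=s2 user=jsmith action=login result=success",
    "2024-01-01T11:05:00Z session=s2 user=jsmith action=ack_alarm target=tank1",
]
```

Session s2 produces no finding because a named operator acknowledging an alarm is normal; only the default-account session with follow-on tampering is reported.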