MESA Imaging (Acquired by Heptagon, then ams OSRAM)

Incident Summary

MESA Imaging camera software distributed Havex.

MESA Imaging, a Swiss developer of 3D Time-of-Flight (ToF) cameras and related software used in industrial applications, was another vendor whose website was compromised by the Dragonfly group. Software installers for its camera products were trojanized with the Havex RAT, enabling espionage on systems that used its specialized imaging equipment. This record tracks the MESA Imaging product scope specifically; related Havex vendor compromises are tracked separately.

Date
2013-01-01 to 2014-06-01
Category
Commercial
Target Surface
Distribution
Insertion Phase
distribution
Impact
Backdoor
Cause
Website compromise

What Was Affected

Package
MESA Imaging (Acquired by Heptagon, then ams OSRAM)
Language
C++
Component
Application
Artifact type
binary archive
Domain type
project download host

Compromised Versions

  • Specific software installers available during the compromise period.

Incident Context

Motive
Espionage
Attribution
Nation-state
Transitive
No
Observed Duration
516 days

Evidence

Compromised Artifacts

  • Trojanized MESA Imaging camera software installers (e.g., for SR4000 series cameras), downloaded from mesa-imaging.ch during 2013-2014.

Current Artifacts and Analysis

Indicators and Changes

Hashes

  • sha256:09a35ac2f7f9ca156c3a2ab2466c029976535390099101632e904a7ca3f6764d
  • sha256:4a1a783a11c1a2a9d5915717b16ebb5012c685f4457a08246666d7d2f7dcb238
  • md5:f691c8f16e290f829710ff0a18ff2532

External References

Source Data

Source record: proprietary/mesa_imaging/meta.yaml