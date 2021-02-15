The National Information Systems Security Agency (ANSSI) has said that several French companies have been the target of a cyberattack, the contours of which coincide with the operations of the Russian hacker group Sandworm.

The attack, according to its findings, “has a number of similarities to previous campaigns” by Sandworm, a cyber spy group linked to Russian military intelligence services, which previously took advantage of a Windows vulnerability to gain access to NATO, the Ukrainian government and some European energy and telecommunications companies. This situation occurred between the end of 2017 and 2020.

The campaign was directed against Centreon control software, a tool developed by the namesake company that allows monitoring of applications, networks and systems and which could also be used by the Linux operating system, according to a report from this organization. . “The Sandworm“ modus operandi ”is known for organizing major campaigns and choosing among the most strategic victims. The intrusions observed by ANSSI adjust to this behavior ”, underlined the organization. The first incidents identified in the last case by ANSSI date from the end of 2017, but continued until last year. Potential targets include Centreon customers, such as the Department of Justice and large corporations.

The duration of the attack, before being discovered, predicted attackers “extremely discreet, known to be in the logic of the theft of data and information”. Used by companies such as Airbus, Air France, Bolloré, EDF, Orange or Total, and by the Ministry of Justice, the Centreon computer program is used to manage applications and computer networks.

This campaign mainly concerned IT service providers, in particular web hosting, ”ANSSI said.

The case is reminiscent of the massive cyberattack, attributed to the Russian Federation, which targeted the United States in 2020, when hackers took advantage of an update of such a program developed by a Texas company, SolarWinds, used by thousands of businesses and governments around the world.