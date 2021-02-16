Centreon is computer software used by many companies in France, including Air France, Airbus, Total, Orange, EDF or the Ministry of Justice. Among other things, it enables the monitoring of applications and computer networks. An alert was launched by the National Security Security Agency on Monday, February 15. In his report, Anssi referred to an interference that would “affect several French companies”. This cyber attack would be of Russian origin and the hackers would be members of the Sandworm group.

The first interventions would take place at the end of 2017

In his report, Anssi stated that “the first compromises identified by Anssi came from the end of 2017 and will last until 2020”. In detail, analysts have discovered two back doors in Centreon servers. According to the agency, the observed mode of operation is reminiscent of that previously used by Sandworm, a Russian cyber espionage group, even if this does not guarantee the origin of the intrusion.

The Anssi also specifies that the authors of this cyberattack would be “extremely discreet” in their actions and “are more known for being implicated in the logic of data and information theft.” This time the intrusion would have mainly affected IT services and especially web hosts. At the moment, however, this does not mean that large groups or institutions have been spared. Loïc Guézo, General Secretary of Clusif, an association of French cybersecurity specialists, emphasized that it is still possible that customers of these providers will be affected by an upswing.

A cyber attack reminiscent of someone else …

Remember, last December we talked about a massive cyber espionage operation. This affected SolarWinds and possibly several US government agencies, including the US Department of Justice and companies like Microsoft. Last January, the US government first accused Russia of the matter. At that moment, the FBI even seemed to have underestimated the extent of the cyberattack it had discovered.

However, according to Loïc Guézo, Anssi’s publication of this report is exceptional. Clusif’s Secretary General believes that this is the result of a long process of investigation and reconciliation with cases that have been observed and made public in the past.

Finally, and for now, neither the aforementioned French companies using Centreon nor the Ministry of Justice wanted to comment on the Anssi report.