An alert was launched by the National Information Systems Security Agency (ANSSI) on Monday, February 15. One report pointed to interference that “affected several French companies”. Their common point was Centreon, a computer software. The latter’s editor said today that none of its paying customers has been affected or affected by this attack.

In a press release, Centreon wanted to provide clarifications following the report published by ANSSI. We therefore learn that the attack observed by the surveillance organization only affects an open source version of the Centreon software that has been out of date for several years. Indeed, the press release states: “The last version affected by this campaign is version 2.5.2, which was released in November 2014. This version has not been supported for 5 years. “

The company also states that it has exchanged with Anssi in the past 24 hours, and is ensuring that it can now confirm that no customer using Centreon is affected. Overall, only a few companies are said to have been the target of the cyber attack, all of which were using the outdated version of the software. Centreon also states that it is contacting all customers and partners to conduct reviews and remind them to use IT security best practices.

Centreon also confirms in its press release that the campaign has now ended and that no “malicious code spread” has taken place. Elements also confirmed by Anssi. The agency confirmed that there are currently no indications of compromises in the software. While the methodology used in the attacks suggests Sandworm’s approach, Russia was keen to reject these allegations and therefore denies standing behind the attacks. This seems plausible, especially since, as L’Usine Digitale emphasizes, the attack on Centreon is more like the work of a “geek” than that of a potentially Russian spy.

Finally, the Villefranche-sur-Saône hospital has been exposed to ransomware in recent days. Knowing that the healthcare facility is a user of Centreon’s paid services, it should be noted that no link has been established between the cyberattack and the ransomware.