The attack, according to its conclusions, “has a number of similarities with previous campaigns” by Sandworm, a group of cyber spies linked to Russian military intelligence services, which has already taken advantage of a Windows vulnerability to gain access to NATO, the Ukrainian government and some European energy and telecommunications companies.
This situation occurred between the end of 2017 and 2020.
The campaign was directed against the Centreon control software, a tool developed by the company of the same name that allows the supervision of applications, networks and systems and which can also be used on the Linux operating system, according to a report by that organization.
“The ‘modus operandi’ Sandworm is known for organizing large campaigns and choosing victims among the most strategic. The intrusions observed by ANSSI adjust to this behavior”, underlined the organization.
The first incidents ANSSI identified in this latest case date back to the end of 2017, and they continued until last year.
Potential targets include Centreon’s clients, such as the Ministry of Justice and large companies.
The length of time the attack went on before being discovered suggests attackers who are “extremely discreet, known for being in the logic of data and information theft”.
Used by companies such as Airbus, Air France, Bolloré, EDF, Orange or Total, and by the Ministry of Justice, the Centreon computer program allows you to control applications and computer networks.
“This campaign mainly affected computer service providers, in particular hosting websites,” specified ANSSI.
The case is reminiscent of the vast cyber attack, attributed to the Russian Federation, which targeted the USA in 2020, when hackers took advantage of an update to a program of this type developed by a Texas company, SolarWinds, and used by thousands of companies and governments around the world.