The National Information Systems Security Agency (Anssi) warned on Monday of the discovery of a computer intrusion “affecting several French entities” via the French software Centreon, whose clients include large companies and the Ministry of Justice. “The first compromises identified by Anssi date from the end of 2017 and continued until 2020,” writes Anssi in a report presenting the technical information related to this attack campaign.
A modus operandi generally attributed to Russian intelligence
Anssi established that the attack had “many similarities to previous campaigns of the Sandworm modus operandi”, generally attributed to Russian military intelligence. But it does not explicitly accuse Russia, in keeping with its practice of limiting itself to the technical analysis of attacks. The cyberattack “recalls the methods that have already been used by the Russian intelligence group Sandworm, but that does not guarantee that it is him,” said Gérome Billois, a cybersecurity specialist at the consulting firm Wavestone.
The length of time the attack went undiscovered suggests attackers who are “extremely discreet, rather known to be in the logic of theft of data and information”, he added. “Centreon has taken note of the information published by ANSSI this evening, at the time of publication of the report, which concerns facts initiated in 2017, or even in 2015,” the Centreon company reacted on Monday. “We are making every effort to take the exact measure of the technical information in this publication,” the company added.
The true scale of the attack remains to be defined
Centreon software, used by many companies (Airbus, Air France, Bolloré, EDF, Orange and Total) and by the Ministry of Justice, monitors applications and computer networks. “This campaign mainly affected IT service providers, including web hosting,” said Anssi. But it can also create significant “leverage” by exposing the data of the customers of these same providers, commented Gérome Billois, who added that it will take time to assess the true scale of the attack.
The case recalls the vast cyberattack attributed to Russia that targeted the United States in 2020, in which hackers took advantage of an update to monitoring software developed by a Texas company, SolarWinds, and used by tens of thousands of companies and administrations around the world.
Source site www.europe1.fr