Russian state hackers targeted Centreon servers in years-long campaign
According to France’s top cybersecurity agency, a Russian APT group known as Sandworm has been running a three-year-long operation in which several internal networks of French entities were breached. The French organizations were all running the Centreon IT monitoring software, the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) said in a technical report released today. The report says the campaign targeted information technology and web hosting providers.
The first victim was breached in 2017, with the campaign coming to a close in 2020. The point of entry was clearly linked to the Centreon software, which provides IT resource monitoring to customers. The product's functionality is very similar to that of the SolarWinds Orion platform. The French agency has not clarified whether systems were breached through a vulnerability in the Centreon software or whether the threat actors were able to successfully guess passwords for admin accounts.