CyberNews Briefs

Russian state hackers targeted Centreon servers in years-long campaign

According to France’s top cybersecurity agency, a Russian APT group known as Sandworm has been running a three-year-long operation in which several internal networks of French entities were breached. The French organizations were all running the Centreon IT monitoring software, according to a technical report released today by the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI). The campaign targeted information technology and web hosting providers, according to the report.

The first victim was breached in 2017, with the campaign coming to a close in 2020. The point of entry was clearly linked to the Centreon software, which provides IT resource monitoring to customers. The product functionality is very similar to the SolarWinds Orion platform. The French agency has not clarified whether systems were breached through a vulnerability in the Centreon software or if the threat actors were able to successfully guess passwords for admin accounts.

Read More: Russian state hackers targeted Centreon servers in years-long campaign

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.