French government agency reports 3 years of hacking damage to domestic companies; Russian hackers involved?



France's National Information Systems Security Agency (ANSSI) has announced that, from late 2017 to 2020, a group of hackers believed to be associated with Russian government agencies was hacking domestic IT service providers. The series of attacks is said to have targeted Centreon, a system monitoring software provided by the company of the same name.

Sandworm intrusion set campaign targeting Centreon systems – CERT-FR
https://www.cert.ssi.gouv.fr/cti/CERTFR-2021-CTI-005/



French IT monitoring company's software targeted by hackers: cyber agency | Reuters
https://www.reuters.com/article/us-global-cyber-centreon-idUSKBN2AF1RA

France links Russian Sandworm hackers to hosting provider attacks
https://www.bleepingcomputer.com/news/security/france-links-russian-sandworm-hackers-to-hosting-provider-attacks/

France: Russian state hackers targeted Centreon servers in years-long campaign | ZDNet
https://www.zdnet.com/article/france-russian-state-hackers-targeted-centreon-servers-in-years-long-campaign/

According to a report released by ANSSI, the victims were mainly hosting service providers. Their specific names were not disclosed, but the report mentions that they all used the system monitoring platform 'Centreon'.

The hackers compromised 'Centreon' and, once they had succeeded in breaking into a server, deployed backdoors such as Exaramel and the PAS web shell to take full control of the compromised system and adjacent networks.

ANSSI also said that the hackers used public or commercial VPN services and anonymization services such as Tor during the attacks. In addition, it is unknown whether a vulnerability in Centreon was used for the initial intrusion into the systems, or whether a supply chain attack, on an administrator account for example, was carried out.



ANSSI, which analyzed the series of hacking attacks, pointed out that the attack method is similar to that of the hacker group 'Sandworm', which is said to involve the General Information Bureau (GRU) of the Russian Federation Army Chief of Staff. Sandworm is a cyber espionage group that has been active since the mid-2000s and is believed to belong to GRU's Unit 74455.

Sandworm is involved in a wide range of cyber attacks, such as a large-scale power outage in Ukraine in 2016, an attack by the malware 'NotPetya' that caused government agencies and electric power companies in various countries to malfunction, a cyber attack targeting Japanese logistics companies, and hacking of the Olympics.

A large-scale hack into a US government agency discovered in 2020 targeted software from cybersecurity firm SolarWinds. The Centreon and SolarWinds software have similar functionality, and system monitoring software is a very attractive target for hackers, Reuters said.



in Software, Security, Posted by log1h_ik