Hackers had access to Centreon servers for three years

For years, hackers attacked the systems of various companies in France through the Centreon monitoring software, Reuters reported, citing information from the French National Cyber Security Agency (ANSSI). The authority has not yet been able to identify the attackers with certainty; however, according to current information, the campaign strongly resembles the methods of Sandworm, a hacking team backed by the Russian military.

Paris-based Centreon, founded in 2003, offers an open-source software package for managing complete IT infrastructures and application palettes. According to its website, the company's products are downloaded 15,000 times a month. Its clients include about 600 large companies worldwide, and the French Ministry of Justice is among the users of Centreon.

For the time being, it is unclear through which interface the perpetrators managed to infiltrate the monitoring software. According to ANSSI, however, it is already known that in the campaign, which ended last year, the unauthorized access dates back to 2017. The authority has not yet announced how many victims the attack may have had, but it is known that the targets were mainly IT service companies, including internet service providers. According to ANSSI, the attackers also placed two backdoors on the targeted internet-connected Centreon servers: one in the form of a webshell, the other built on the Exaramel malware, which the security company ESET has known about since 2018.

According to ANSSI, there is a good chance that the Sandworm hacking team is responsible for the campaign. As ZDNet highlights, the group is associated with, among other things, the 2017 NotPetya ransomware campaign, the 2015 and 2016 attacks on Ukraine's electricity infrastructure, and the disruption of the opening ceremony of the 2018 Winter Olympics.

The Centreon case is strongly reminiscent of the SolarWinds scandal that came to light at the end of last year, in which attackers, presumably Russian-backed, also entered the systems of Fortune 500 companies and US government institutions by infecting a supplier, the Texas-based SolarWinds. They were able to act unnoticed for a good 9 months.


Source: HWSW Informatikai Hírmagazin by www.hwsw.hu.
