Centreon, a French software company, published a blog post offering clarification on a report published by ANSSI, CERTFR-2021-CTI-004. According to Centreon, Russian hackers hit only older versions of Centreon software.
Centreon clarifies that none of its paying customers were subjected to the year-long hack on its main product, Centreon. Centreon counts giants such as Airbus, Arcelor Mittal, Lacoste, Orange, SoftBank and several French government agencies and city governments among its customers.
Hacking Campaign
ANSSI, France's cyber-security agency, states that the hacking campaign lasted between 2017 and 2020. The hackers are believed to be linked to the Russian government. They had hacked into companies running the software and installed malicious software to silently surveil all their activities.
Centreon has confirmed that only users running the free, open-source version downloaded from the Centreon website were impacted. Centreon strongly believes that only 15 companies were targeted in this attack.
All 15 companies had been using the obsolete open-source version (v2.5.2), which Centreon has not supported for almost 5 years. Centreon has released 8 major versions since then.
Centreon had to act immediately and issue a statement to ensure that it was not adversely impacted in the public eye and that there was no mass exodus of major customers, like the one seen when customers moved away from SolarWinds in light of the major hack against it.
ANSSI also believes that there could be some connection between this attack and those carried out by a hacking group called Sandworm, which is known to have been active since 2009. Last year, in connection with an attack, US authorities linked Sandworm to Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency that is part of the Russian army.
The similarity between this group and Sandworm arises from the use of Exaramel. Exaramel is a type of multi-platform backdoor trojan that the attackers installed on servers after gaining a foothold via the Centreon software. To date, Sandworm is the only group known to use this malware.