France Says Russian State Hackers Targeted IT Monitoring Firm Centreon’s Servers in Years-Long Campaign

France’s cyber-security agency said that a group of Russian military hackers, known as the Sandworm group, has been behind a three-year-long operation during which they breached the internal networks of several French entities running the Centreon IT monitoring software. From a report: The attacks were detailed in a technical report released today by Agence Nationale de la Securite des Systemes d’Information, also known as ANSSI, the country’s main cyber-security agency. “This campaign mostly affected information technology providers, especially web hosting providers,” ANSSI officials said today. “The first victim seems to have been compromised from late 2017. The campaign lasted until 2020.” The point of entry into victim networks was linked to Centreon, an IT resource monitoring platform developed by French company CENTREON, and a product similar in functionality to SolarWinds’ Orion platform. ANSSI said the attackers targeted Centreon systems that were left connected to the internet. The French agency couldn’t say at the time of writing if the attacks exploited a vulnerability in the Centreon software or if the attackers guessed passwords for admin accounts. However, in the case of a successful intrusion, the attackers installed a version of the P.A.S. web shell and the Exaramel backdoor trojan, two malware strains that, when used together, allowed hackers full control over the compromised system and its adjacent network.