Latest Cyber Security News

You are here: Home / General Cyber Security News / France uncovers SolarWinds-esque cyber attack targeting Centreon

Image of a cyber criminal using several computers in a dark room

Shutterstock

French cyber security authorities have disclosed a vast-achieving source-chain attack concentrating on quite a few main house names by hackers who compromised the Centreon business IT system.

✔ Approved Seller by TheCyberSecurity.News From Our Partners
Bitdefender Internet Security 2021

Protect yourself against all threads using Bitderender. Get Bitdefender Internet Security with 68% discount from a bitdefender official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The first proof of the intrusion campaign dates back again to 2017 with the attack lasting until finally 2020, in accordance to the ANSSI cyber security company. This primarily afflicted IT providers, in particular web hosting suppliers. 

Centreon describes by itself as a firm that presents AIOps-ready IT monitoring products and services that present visibility to elaborate IT workflows from the cloud to the edge. Its clients contain Airbus and Orange amid other significant French shoppers. 

In the course of its investigation, ANSSI found out the existence of a backdoor in the form of a web shell dropped on quite a few Centreon servers exposed to the internet. 

This backdoor was recognized as the PAS web shell model 3.1.4, which is in the category of a entire-highlighted PHP web shell utilized by attackers to keep persistent obtain to a compromised web portal.

The identical servers also performed host to a different backdoor similar to just one that cyber security agency ESET has dubbed Exaramel, and has related with the TeleBots menace team – a Russian cyber gang with alleged ties to the authorities.

This campaign also bears various similarities with earlier cyber campaigns attributed to Sandworm, an notorious team that allegedly exploits vulnerabilities for surveillance from high-price targets on behalf of the Russian federal government. These Sandworm attacks had been previously witnessed as much again as 2014 affecting Windows 7, for case in point.

The character of the attack is eerily identical to the devastating SolarWinds Orion hack that afflicted up to 18,000 organisations, which authorities have also joined with Russian actors. 

“Centreon became aware of the details designed public by the Anssi this night (Monday), at the time it was revealed, pertaining to the activities that are recognised to have begun in 2017, possibly as early as 2015,” Centreon explained, according to the AFP. 

“We are accomplishing anything we can to thoroughly comprehend the specialized information and facts in the report,” it included.


Some components of this write-up are sourced from:
www.itpro.co.uk

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *