France's national cyber security agency said Monday it had discovered a hack of several organizations that bore similarities to other attacks by a group linked to Russian intelligence.
It said the hackers had taken advantage of a vulnerability in monitoring software sold by French group Centreon, which lists blue-chip French companies as clients, such as power group EDF, defence group Thales, or oil and gas giant Total.
The French ministry of justice and city authorities such as Bordeaux are also named as Centreon customers on the group's website, but they did not appear to have been compromised, according to a statement on the incident.
"This campaign mostly affected information technology providers, especially web hosting providers," said the French National Agency for the Security of Information Systems (ANSSI) in a report.
ANSSI had discovered "a backdoor" on several Centreon servers which had given the hackers access to its networks.
"This campaign bears several similarities with previous campaigns attributed to the intrusion set named Sandworm," said the report, referring to a group of hackers thought to have links with Russian military intelligence.
The report, entitled "Sandworm Intrusion Set Campaign Targeting Centreon Systems," was released on Monday and gave technical details about how the hackers gained access to the Centreon servers.
The attack "recalls methods already used by the Sandworm group linked to Russian intelligence, but it doesn't guarantee that it's them," Gerome Billois, a cybersecurity expert at the IT security firm Wavestone, told AFP.
The hacking took place from 2017 to 2020, ANSSI added.
A Message from The Moscow Times:
Dear readers,
We are facing unprecedented challenges. Russia's Prosecutor General's Office has designated The Moscow Times as an "undesirable" organization, criminalizing our work and putting our staff at risk of prosecution. This follows our earlier unjust labeling as a "foreign agent."
These actions are direct attempts to silence independent journalism in Russia. The authorities claim our work "discredits the decisions of the Russian leadership." We see things differently: we strive to provide accurate, unbiased reporting on Russia.
We, the journalists of The Moscow Times, refuse to be silenced. But to continue our work, we need your help.
Your support, no matter how small, makes a world of difference. If you can, please support us monthly starting from just $2. It's quick to set up, and every contribution makes a significant impact.
By supporting The Moscow Times, you're defending open, independent journalism in the face of repression. Thank you for standing with us.
Remind me later.
