French software company Centreon said today that none of its paying customers were victims of a years-long hacking campaign that came to light on Monday.
Exposed in a report published by ANSSI, France's cyber-security agency, the hacking campaign lasted between 2017 and 2020 and targeted organizations running Centreon's main product, a software package of the same name, used for monitoring IT resources inside large companies.
Hackers, believed to be linked to the Russian government, breached organizations running the software and installed malware to perform silent surveillance.
But in a press release today, Centreon said that none of its main commercial customers were hit in these attacks. Only organizations that downloaded the open-source version of the Centreon software, which the company offers freely on its website, were impacted, Centreon said.
“According to discussions over the past 24 hours with ANSSI, only about fifteen entities were the target of this campaign, and that they are all users of an outdated open source version (v2.5.2), which has been unsupported for 5 years,” the French company said today.
Centreon said the outdated version was released in November 2014 and that companies deployed it “without regard for the security of servers and networks.”
“Since this version, Centreon has released eight major versions,” the company said.
Centreon, which declined to comment yesterday, immediately after the ANSSI report's release, had to issue a statement to prevent its reputation from being impacted, similar to how companies have started abandoning the SolarWinds Orion IT monitoring platform following news of a major security breach last December.
On its website, Centreon lists customers such as Airbus, Agence France Press, Euronews, Orange, Lacoste, Sephora, ArcelorMittal, Total, SoftBank, Air France KLM, and several French government agencies and city governments.
However, none of these appear to have been attacked, according to Centreon. Furthermore, according to the ANSSI report, the attackers primarily targeted web hosting companies.
The French cyber-security agency also drew some thin lines between the attacks and a hacking group known as Sandworm, linked last year by the US government to Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency that is part of the Russian Army.
The link between the attacks and Sandworm was the use of Exaramel, a type of multi-platform backdoor trojan that the attackers installed on servers after gaining a foothold via the Centreon software.
Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab, also said on Monday that Sandworm was the only group seen using the Exaramel malware described in the ANSSI report, confirming the agency's report.