Saturday, June 12, 2021

Centreon says only 15 organizations have been targeted in Russia’s latest hacking spree

Today, French software company Centreon said that none of its paid customers were victims of a years-long hacking campaign that surfaced on Monday.

Revealed in a report published by ANSSI, France’s cybersecurity agency, the hacking campaign ran between 2017 and 2020 and targeted companies using Centreon’s core product, a software package of the same name that monitors IT resources within large companies.

The hackers, believed to be linked to the Russian government, hacked the software and installed malware to spy on the companies secretly.
The hacked companies were running very outdated versions of Centreon.

But in a statement today, Centreon said none of its vital commercial customers were affected by the attack. Companies that had only downloaded the open-source version of the Centreon app, which the company provides freely on its website, were the ones affected, Centreon said.

“According to reports over the past 24 hours, only 15 organizations were targeted by the campaign, and all are users of the open source version (v2.5.2), which has not been supported for five years,” the French company said today.

This version was released in November 2014, and Centreon said companies used it “without respect for the security of servers and networks.”

“Since this version, Centreon has released eight major versions,” the company said.

Centreon, which declined to comment yesterday, shortly after the ANSSI report’s release, needed to make the statement to protect its reputation, given how companies began to leave SolarWinds Orion IT monitoring following serious security breaches last December.

On its website, Centreon lists clients such as Airbus, Agence France-Presse, Euronews, Orange, Lacoste, Sephora, ArcelorMittal, Total, SoftBank, Air France KLM, and many other French government and city government organizations.

However, none of these appears to have been attacked, according to Centreon. In its report, ANSSI also said the attackers targeted web hosting companies.

The French cybersecurity agency also drew links between the attack and the hacking group known as Sandworm, linked last year by the US government to Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency that is part of the Russian Army.

The link between the attacks and Sandworm was the use of Exaramel, a type of multi-platform backdoor trojan that the attackers installed on servers after gaining a foothold via the Centreon software.

Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab, also said on Monday that Sandworm was the only group seen using the Exaramel malware described in the ANSSI report, confirming the agency’s report.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

