Friday, September 24, 2021

Centreon says only 15 organizations have been targeted in Russia’s latest hacking spree


Today, French software company Centreon said that none of its paid customers were victims of a years-long hacking campaign that surfaced on Monday.

Revealed in a report published by ANSSI, France’s cybersecurity agency, the hacking campaign ran between 2017 and 2020 and targeted companies using Centreon’s core product, a software package of the same name that monitors IT resources within large companies.

The hackers, believed to be linked to the Russian government, hacked the software and installed malware to secretly spy on the affected companies.
The hacked companies were running very outdated versions of Centreon.

But in a statement today, Centreon said none of its vital commercial customers were affected by the attack. Only companies that downloaded the open-source version of the Centreon app, which the company provides freely on its website, have been affected, Centreon said.

“According to reports over the past 24 hours, only 15 organizations were targeted by the campaign, and all are users of the open source version (v2.5.2), which has not been supported for five years,” the French company said today.

Centreon said this version was released in November 2014 and that companies used this outdated version “without respect for the security of servers and networks.”

“Since this version, Centreon has released eight major versions,” the company said.

Centreon, which declined to comment yesterday shortly after the ANSSI report’s release, made the statement to protect its reputation, given how companies began to leave SolarWinds Orion IT monitoring following serious security breaches last December.

On its website, Centreon lists clients such as Airbus, Agence France-Presse, Euronews, Orange, Lacoste, Sephora, ArcelorMittal, Total, SoftBank, Air France KLM, and many other French government and city government organizations.

However, none of these appear to have been attacked, according to Centreon. In its report, ANSSI also said the attackers targeted web hosting companies.

The French cybersecurity agency also drew links between the attack and the hacking group known as Sandworm, which the US government last year linked to Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency that is part of the Russian Army.

The link between the attacks and Sandworm was the use of Exaramel, a type of multi-platform backdoor trojan that the attackers installed on servers after gaining a foothold via the Centreon software.

Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab, also said on Monday that Sandworm was the only group seen using the Exaramel malware described in the ANSSI report, confirming the agency’s report.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
