Today, French software company Centreon said that none of its paid customers were victims of a years-long hacking campaign that surfaced on Monday.
Revealed in a report published by ANSSI, France’s cybersecurity agency, the hacking campaign ran between 2017 and 2020 and targeted companies using Centreon’s core product, a software package of the same name that monitors IT resources within large companies.
The hackers, believed to be linked to the Russian government, hacked the software and installed malware to secretly spy on the affected companies.
The hacked companies were running very outdated versions of Centreon.
But in a statement today, Centreon said none of its vital commercial customers were affected by the attack. Only companies that downloaded the open-source version of the Centreon app, which the company provides freely on its website, were affected, Centreon said.
“According to reports over the past 24 hours, only 15 organizations were targeted by the campaign, and all are users of the open source version (v2.5.2), which has not been supported for five years,” the French company said today.
Centreon said companies used this outdated version, released in November 2014, “without respect for the security of servers and networks.”
“Since this version, Centreon has released eight major versions,” the company said.
Centreon, which declined to comment yesterday shortly after the ANSSI report’s release, had to make a statement to protect its reputation, given how companies began to leave the SolarWinds Orion IT monitoring platform following serious security breaches last December.
On its website, Centreon lists clients such as Airbus, Agence France-Presse, Euronews, Orange, Lacoste, Sephora, ArcelorMittal, Total, SoftBank, Air France KLM, and many other French government and city government organizations.
However, none of these appear to have been attacked, according to Centreon. In its report, ANSSI also said the attackers targeted web hosting companies.
The French cybersecurity agency also drew links between the attack and the hacking group known as Sandworm, which the US government linked last year to Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency that is part of the Russian Army.
The link between the attacks and Sandworm was the use of Exaramel, a type of multi-platform backdoor trojan that the attackers installed on servers after gaining a foothold via the Centreon software.
Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab, also said on Monday that Sandworm was the only group seen using the Exaramel malware described in the ANSSI report, confirming the agency’s report.