Russian Hackers Make A Sustained Attack On France

France's National Cyber Security Agency has said it has discovered a hack of several organisations that bore similarities to other attacks by Sandworm, a group linked to Russian intelligence. It said the hackers had taken advantage of a vulnerability in monitoring software sold by French IT group Centreon, which lists blue-chip French companies as clients, which include power group EDF, defence group Thales and  oil & gas giant Total. 

The French ministry of justice and city authorities including Bordeaux are also named as Centreon customers.

France's national cybersecurity agency ANSSI said "several French entities" had been breached, and linked the attacks to a Russian hacker group thought to be behind some of the most devastating cyber attacks in past years. The agency said it had identified "an intrusion campaign" in which hackers, linked to Russian military intelligence agency GRU, compromised the French software firm Centreon in order to install two pieces of malware into its clients' networks. 

The "supply chain attack" is similar to the recently discovered SolarWinds hack that breached several US government agencies and many others.

The intrusion campaign started in late 2017 and lasted until 2020, ANSSI said, adding it "mostly affected information technology providers, especially web hosting providers." Centreon said in a statement it "has taken note of the information," adding it is "not proven at this stage that the identified vulnerability concerns a commercial version provided by Centreon over the period in question." 

Centreon's customers  include Airbus, Air France, Thales, ArcelorMittal, Électricité de France (EDF) and telecoms firm Orange among its clients, as well as the French Ministry of Justice. Right now, the identityof  organizations which were breached via the software hack has not been disclosed.

ANSSI said that the campaign "bears several similarities with previous campaigns attributed to the intrusion set named Sandworm," which "is known to lead consequent intrusion campaigns before focusing on specific targets that fits its strategic interests within the victims pool." 

The hacker group Sandworm has been linked to GRU by cybersecurity authorities and experts. The group is thought to be behind some of the most damaging cyber attacks in recent history, including the outbreak of ransomware NotPetya in 2017 and attacks on the Winter Olympics in South Korea. 

European diplomats imposed sanctions on several officers of Russia's intelligence unit linked to Sandworm in relation to the cyber attacks. US authorities has also said that hackers belonging to the same group and said the group was suspected of being behind the 2017 cyber attack on then-presidential candidate Emmanuel Macron’s party La République En Marche.  

ANSSI:     CERT France:     Centreon:     France 24:       Bloomberg:      ZDNet:     Politico:   

Image: Unplash

You Might Also Read: 

France Responds To Cyber Attacks:

 

« Microsoft Releases Free Tool For Hunting SolarWinds Malware
Three Reasons The Security Industry Is Protecting The Wrong Thing »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CDNetworks

CDNetworks

CDNetworks is a global content delivery network with a fully integrated cloud security solution, offering unparalleled speed, security and reliability for the almost instant delivery of web content.

TechInsurance

TechInsurance

TechInsurance is America's top technology insurance company offering a range of technology related products including Cyber Liability insurance.

Cyber 2.0

Cyber 2.0

Cyber 2.0 is the only system in the world that blocks all forms of cyber attack within the organization, including new and unfamiliar attack methods.

MailXaminer

MailXaminer

MailXaminer is an advance and powerful email investigation platform that scans digital data, performs analysis, reports on findings and preserves them in a court validated format.

National Cyber Security Centre (NCSC) - Switzerland

National Cyber Security Centre (NCSC) - Switzerland

The National Cyber Security Centre is Swizerland's competence centre for cybersecurity and the first contact point for businesses, public administrations, and the public for cyber issues.

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

Council of Europe Convention on Cybercrime

Council of Europe Convention on Cybercrime

The Council of Europe helps to protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

Alkira

Alkira

Alkira has reinvented networking for the cloud era by delivering the network cloud, the first global unified network infrastructure with on-demand hybrid and multi-cloud connectivity.

Rimstorm

Rimstorm

Rimstorm’s mission is to significantly improve the security of your data using award-winning, state-of-the-art technology combined with cyber managed security services.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Acclaim Technical Services (ATS)

Acclaim Technical Services (ATS)

ATS provide operational products, services and solutions to the defense and intelligence communities for all types of critical mission needs.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.

ZEST Security

ZEST Security

The ZEST platform natively integrates into your technology stack to make efficient risk remediation possible.