Russian Hackers Make A Sustained Attack On France

France's National Cyber Security Agency has said it has discovered a hack of several organisations that bore similarities to other attacks by Sandworm, a group linked to Russian intelligence. It said the hackers had taken advantage of a vulnerability in monitoring software sold by French IT group Centreon, which lists blue-chip French companies as clients, including power group EDF, defence group Thales and oil & gas giant Total.

The French ministry of justice and city authorities including Bordeaux are also named as Centreon customers.

France's national cybersecurity agency ANSSI said "several French entities" had been breached, and linked the attacks to a Russian hacker group thought to be behind some of the most devastating cyber attacks in past years. The agency said it had identified "an intrusion campaign" in which hackers, linked to Russian military intelligence agency GRU, compromised the French software firm Centreon in order to install two pieces of malware into its clients' networks. 

The "supply chain attack" is similar to the recently discovered SolarWinds hack that breached several US government agencies and many others.

The intrusion campaign started in late 2017 and lasted until 2020, ANSSI said, adding it "mostly affected information technology providers, especially web hosting providers." Centreon said in a statement it "has taken note of the information," adding it is "not proven at this stage that the identified vulnerability concerns a commercial version provided by Centreon over the period in question." 

Centreon's customers include Airbus, Air France, Thales, ArcelorMittal, Électricité de France (EDF) and telecoms firm Orange, as well as the French Ministry of Justice. Right now, the identity of the organizations which were breached via the software hack has not been disclosed.

ANSSI said that the campaign "bears several similarities with previous campaigns attributed to the intrusion set named Sandworm," which "is known to lead consequent intrusion campaigns before focusing on specific targets that fits its strategic interests within the victims pool." 

The hacker group Sandworm has been linked to GRU by cybersecurity authorities and experts. The group is thought to be behind some of the most damaging cyber attacks in recent history, including the outbreak of ransomware NotPetya in 2017 and attacks on the Winter Olympics in South Korea. 

European diplomats imposed sanctions on several officers of Russia's intelligence unit linked to Sandworm in relation to the cyber attacks. US authorities have also said the same group was suspected of being behind the 2017 cyber attack on then-presidential candidate Emmanuel Macron’s party La République En Marche.

ANSSI, CERT France, Centreon, France 24, Bloomberg, ZDNet, Politico
