Russian Hackers Make A Sustained Attack On France

Uploaded on 2021-03-02 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

France's National Cyber Security Agency has said it has discovered a hack of several organisations that bore similarities to other attacks by Sandworm, a group linked to Russian intelligence. It said the hackers had taken advantage of a vulnerability in monitoring software sold by French IT group Centreon, which lists blue-chip French companies as clients, which include power group EDF, defence group Thales and  oil & gas giant Total. 

The French ministry of justice and city authorities including Bordeaux are also named as Centreon customers.

France's national cybersecurity agency ANSSI said "several French entities" had been breached, and linked the attacks to a Russian hacker group thought to be behind some of the most devastating cyber attacks in past years. The agency said it had identified "an intrusion campaign" in which hackers, linked to Russian military intelligence agency GRU, compromised the French software firm Centreon in order to install two pieces of malware into its clients' networks. 

The "supply chain attack" is similar to the recently discovered SolarWinds hack that breached several US government agencies and many others.

The intrusion campaign started in late 2017 and lasted until 2020, ANSSI said, adding it "mostly affected information technology providers, especially web hosting providers." Centreon said in a statement it "has taken note of the information," adding it is "not proven at this stage that the identified vulnerability concerns a commercial version provided by Centreon over the period in question." 

Centreon's customers  include Airbus, Air France, Thales, ArcelorMittal, Électricité de France (EDF) and telecoms firm Orange among its clients, as well as the French Ministry of Justice. Right now, the identityof  organizations which were breached via the software hack has not been disclosed.

ANSSI said that the campaign "bears several similarities with previous campaigns attributed to the intrusion set named Sandworm," which "is known to lead consequent intrusion campaigns before focusing on specific targets that fits its strategic interests within the victims pool." 

The hacker group Sandworm has been linked to GRU by cybersecurity authorities and experts. The group is thought to be behind some of the most damaging cyber attacks in recent history, including the outbreak of ransomware NotPetya in 2017 and attacks on the Winter Olympics in South Korea. 

European diplomats imposed sanctions on several officers of Russia's intelligence unit linked to Sandworm in relation to the cyber attacks. US authorities has also said that hackers belonging to the same group and said the group was suspected of being behind the 2017 cyber attack on then-presidential candidate Emmanuel Macron’s party La République En Marche.  

ANSSI:     CERT France:     Centreon:     France 24:       Bloomberg:      ZDNet:     Politico:   

Image: Unplash

You Might Also Read: 

France Responds To Cyber Attacks:

 

« Microsoft Releases Free Tool For Hunting SolarWinds Malware
Three Reasons The Security Industry Is Protecting The Wrong Thing »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

Data Protection People

Data Protection People

Data Protection People are specialists in Data Privacy, Governance, and Information Security.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

DataTribe

DataTribe

DataTribe is a cyber startup foundry, leveraging deep experience and expertise to build and launch successful product companies.

Seigur

Seigur

Seigur is an IT consultancy business providing flexible legal and cyber security services for IT and data privacy programmes.

Cornami

Cornami

Cornami delivers real-time computing on encrypted data sets, which is vital for data privacy and cloud security.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

ATHENE National Research Center For Applied Cybersecurity

ATHENE National Research Center For Applied Cybersecurity

ATHENE is the largest research center for cybersecurity and privacy in Europe, conducting application-oriented top-level research for the benefit of the economy, society and the state.

Aquia

Aquia

Aquia are on a mission to enable innovation and drive transformative change to solve the world’s most pressing and complex cybersecurity challenges.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.

Hilltop Technologies

Hilltop Technologies

Hilltop Technologies is a cybersecurity company specialized in managed security services and consulting tailored for all sectors from higher education to publicly traded companies.