The French cybersecurity agency warned that an attack similar to one used by Russian military hackers has for three years been penetrating companies that use Centreon software.
The attack started in late 2017 and continued into 2020, watchdog ANSSI said in a report. Centreon sells its network-monitoring software to customers including Thales SA and Orange SA, though ANSSI didn’t identify companies that may have been exposed in the hack.
“This campaign bears several similarities with previous campaigns attributed to the intrusion set named Sandworm,” the agency said, referring to the Russian cyber-espionage group. It discovered the presence of a “backdoor” vulnerability on several Centreon servers.
A representative for Centreon didn’t immediately respond to a request for comment. Thales said it was investigating the matter and declined to comment further. Orange didn’t have an immediate comment.
Sandworm is the nickname cybersecurity researchers have given a team of hackers working with Russia’s military intelligence directorate, the GRU. The U.S. government has accused the group, otherwise known as Unit 74455, of perpetrating a wide range of large-scale hacks in recent years.
Between 2015 and 2018, Sandworm attacked Ukraine’s power grid, targeted chemical weapons inspectors in the U.K., and hacked French President Emmanuel Macron’s political party, according to the U.S. Justice Department.
U.S. authorities have also blamed the group for NotPetya, a series of malware attacks that in 2017 affected companies and organizations in more than 60 countries, causing billions of dollars of damage and affecting the operations of hospitals and other medical facilities, as well as