France links Russian Sandworm hackers to hosting provider attacks (Security News, February 2021)

The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group.
According to the French cyber-security agency, the campaign shows several similarities to behavior observed while analyzing previous Sandworm attacks, including intrusion campaigns before choosing one of the victims for further compromise.
ANSSI has not been able to determine how the servers were compromised, so it is not clear if the attackers exploited a vulnerability in the exposed Centreon software or the victims were compromised through a supply chain attack.
"Compromised servers identified by ANSSI ran the CENTOS operating system. Centreon was recently updated," ANSSI added.
Sandworm is an elite Russian-backed cyberespionage group active since the mid-2000s, with members believed to be military threat actors who are part of Unit 74455 of the Russian GRU's Main Center for Special Technologies.
In October 2020, the U.S. Justice Department charged six Sandworm operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the NotPetya ransomware attack.