Security News > 2021 > February > France links Russian Sandworm hackers to hosting provider attacks

The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group.

According to the French cyber-security agency, the campaign shows several similarities to behavior observed while analyzing previous Sandworm attacks, including intrusion campaigns before choosing one of the victims for further compromise.

ANSSI has not been able to determine how the servers were compromised, so it is not clear if the attackers exploited a vulnerability in the exposed Centreon software or the victims were compromised through a supply chain attack.

"Compromised servers identified by ANSSI ran the CENTOS operating system. Centreon was recently updated," ANSSI added.

Sandworm is an elite Russian backed cyberespionage group active since the mid-2000s, with members believed to be military threat actors part of Unit 74455 of the Russian GRU's Main Center for Special Technologies.

In October 2020, the U.S. Justice Department charged six Sandworm operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the NotPetya ransomware attack.

News URL

https://www.bleepingcomputer.com/news/security/france-links-russian-sandworm-hackers-to-hosting-provider-attacks/