Sandworm Hackers Hit French Monitoring Software Vendor Centreon
2021-02-15 19:11

The French National Agency for the Security of Information Systems (ANSSI) is publicly blaming the notorious Sandworm APT group for a series of long-term hacking attacks against multiple IT and web hosting shops in Europe.

According to a technical advisory released by ANSSI, the data breaches date back to 2017 and include the eyebrow-raising compromise of Centreon, an IT monitoring software provider widely embedded throughout government organizations in France.

The agency did not say whether the Centreon compromise was part of a supply-chain attack, but the decision to publicly identify the Sandworm attackers triggers new conversations about the group's previous software supply chain targeting in high-profile APT attacks.

Documented research has tied the Sandworm team to a government-backed Russian APT group linked to separate attacks against Ukrainian targets in 2015 and 2017, and to the 2018 cyberattack on the Winter Olympics opening ceremony.

The French agency released a detailed technical report on the Centreon hack, which targeted Linux servers running the CentOS operating system.

While the initial compromise method remains unknown, ANSSI said the attackers deployed two backdoors and that the campaign "has many similarities to previous campaigns of the Sandworm modus operandi."
