Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities

A Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon.
The intrusion campaign - which breached "several French entities" - is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French information security agency ANSSI in an advisory.
"On compromised systems, ANSSI discovered the presence of a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet," the agency said on Monday.
While the initial attack vector seems unknown as yet, the compromise of victim networks was tied to Centreon, an application and network monitoring software developed by a French company of the same name.
In light of the SolarWinds supply-chain attack, it should come as no surprise that monitoring systems such as Centreon have become a lucrative target for bad actors to gain a foothold and laterally move across victim environments.
UPDATE. French software company Centreon on Tuesday issued a clarification following the publication of ANSSI's report, stating none of its customers were affected in the hacking campaign that was found to strike business entities running its network monitoring software.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/Jz0HPIu8b4U/hackers-exploit-it-monitoring-tool.html