Hackers exploited Centreon monitoring software to compromise IT providers
Unknown hackers - possibly the Sandworm APT - have been compromising enterprise servers running the Centreon monitoring software for over three years, the French National Cybersecurity Agency (ANSSI) shared on Monday.
The hackers exploited public-facing Centreon installations to gain access to the underlying system, and used that access to spread laterally through the target organizations' networks.
"The initial compromise method is not known," ANSSI analysts noted.
Once on these systems, the hackers would equip the compromised Centreon servers with previously known malware: the P.A.S. web shell and the Exaramel backdoor.
Though these attackers compromised monitoring software to breach organizations, there is no mention of whether this might be an instance of supply chain compromise such as the recent SolarWinds one.
"The campaign described by ANSSI exclusively concerns obsolete versions of Centreon's open source software. Indeed, the ANSSI specifies that the most recent version concerned by this campaign is version 2.5.2, released in November 2014. This version is not only no longer supported for more than 5 years, but has apparently also been deployed without respect for the security of servers and networks, including connections outside the entities concerned. Since this version, Centreon has released 8 major versions."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/nokyxDM6jBg/