Centreon, a French software company, published a blog post clarifying a report published by ANSSI, CERTFR-2021-CTI-004. According to Centreon, Russian hackers hit only older versions of Centreon software.
Centreon clarifies that none of its paid customers were affected by the years-long hack on its primary product, Centreon. Centreon counts behemoths such as Airbus, Arcelor Mittal, Lacoste, Orange, SoftBank and several French government agencies and city governments among its customers.
ANSSI, France’s cyber-security agency, states that the hacking campaign lasted from 2017 to 2020. The hackers are believed to be associated with the Russian government. They hacked into companies running the software and installed malicious software to silently surveil all their activities.
Centreon has confirmed that only users running the free, open-source version of its software, downloaded from the Centreon website, were impacted. Centreon strongly believes that only 15 companies were targeted in this attack.
All 15 companies had been using an obsolete open-source version (v2.5.2) that Centreon has not supported for almost 5 years. Centreon has released 8 major versions since then.
Centreon had to act immediately and issue a statement to protect its public image and to prevent a mass exodus of major customers like the one SolarWinds experienced in light of the major hack against it.
ANSSI also believes that there could be some connection between this attack and those carried out by a hacking group called Sandworm, which is known to have been active since 2009. Last year, in connection with an attack, the US government linked Sandworm to Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency that is part of the Russian army.
The similarity between this group and Sandworm arises from the use of Exaramel. Exaramel is a multi-platform backdoor trojan that the attackers installed on servers after gaining a foothold via the Centreon software. To date, Sandworm is the only group known to use this malware.