Russian Hackers Make A Sustained Attack On France

France's National Cyber Security Agency has said it has discovered a hack of several organisations that bore similarities to other attacks by Sandworm, a group linked to Russian intelligence. It said the hackers had taken advantage of a vulnerability in monitoring software sold by French IT group Centreon, whose listed clients include blue-chip French companies such as power group EDF, defence group Thales and oil & gas giant Total.

The French ministry of justice and city authorities including Bordeaux are also named as Centreon customers.

France's national cybersecurity agency ANSSI said "several French entities" had been breached, and linked the attacks to a Russian hacker group thought to be behind some of the most devastating cyber attacks in past years. The agency said it had identified "an intrusion campaign" in which hackers, linked to Russian military intelligence agency GRU, compromised the French software firm Centreon in order to install two pieces of malware into its clients' networks. 

The "supply chain attack" is similar to the recently discovered SolarWinds hack that breached several US government agencies and many others.

The intrusion campaign started in late 2017 and lasted until 2020, ANSSI said, adding it "mostly affected information technology providers, especially web hosting providers." Centreon said in a statement it "has taken note of the information," adding it is "not proven at this stage that the identified vulnerability concerns a commercial version provided by Centreon over the period in question." 

Centreon's customers include Airbus, Air France, Thales, ArcelorMittal, Électricité de France (EDF) and telecoms firm Orange, as well as the French Ministry of Justice. Right now, the identity of the organizations which were breached via the software hack has not been disclosed.

ANSSI said that the campaign "bears several similarities with previous campaigns attributed to the intrusion set named Sandworm," which "is known to lead consequent intrusion campaigns before focusing on specific targets that fits its strategic interests within the victims pool." 

The hacker group Sandworm has been linked to GRU by cybersecurity authorities and experts. The group is thought to be behind some of the most damaging cyber attacks in recent history, including the outbreak of ransomware NotPetya in 2017 and attacks on the Winter Olympics in South Korea. 

European diplomats imposed sanctions on several officers of Russia's intelligence unit linked to Sandworm in relation to the cyber attacks. US authorities have also said the group was suspected of being behind the 2017 cyber attack on then-presidential candidate Emmanuel Macron's party La République En Marche.

ANSSI, CERT France, Centreon, France 24, Bloomberg, ZDNet, Politico
