Russian Hackers Make A Sustained Attack On France

France's National Cyber Security Agency has said it has discovered a hack of several organisations that bore similarities to other attacks by Sandworm, a group linked to Russian intelligence. It said the hackers had taken advantage of a vulnerability in monitoring software sold by French IT group Centreon, which lists blue-chip French companies as clients, including power group EDF, defence group Thales and oil & gas giant Total.

The French ministry of justice and city authorities including Bordeaux are also named as Centreon customers.

France's national cybersecurity agency ANSSI said "several French entities" had been breached, and linked the attacks to a Russian hacker group thought to be behind some of the most devastating cyber attacks in past years. The agency said it had identified "an intrusion campaign" in which hackers, linked to Russian military intelligence agency GRU, compromised the French software firm Centreon in order to install two pieces of malware into its clients' networks. 

The "supply chain attack" is similar to the recently discovered SolarWinds hack that breached several US government agencies and many others.

The intrusion campaign started in late 2017 and lasted until 2020, ANSSI said, adding it "mostly affected information technology providers, especially web hosting providers." Centreon said in a statement it "has taken note of the information," adding it is "not proven at this stage that the identified vulnerability concerns a commercial version provided by Centreon over the period in question." 

Centreon's customers include Airbus, Air France, Thales, ArcelorMittal, Électricité de France (EDF) and telecoms firm Orange, as well as the French Ministry of Justice. Right now, the identity of the organizations which were breached via the software hack has not been disclosed.

ANSSI said that the campaign "bears several similarities with previous campaigns attributed to the intrusion set named Sandworm," which "is known to lead consequent intrusion campaigns before focusing on specific targets that fits its strategic interests within the victims pool." 

The hacker group Sandworm has been linked to GRU by cybersecurity authorities and experts. The group is thought to be behind some of the most damaging cyber attacks in recent history, including the outbreak of ransomware NotPetya in 2017 and attacks on the Winter Olympics in South Korea. 

European diplomats imposed sanctions on several officers of Russia's intelligence unit linked to Sandworm in relation to the cyber attacks. US authorities have also said that hackers belonging to the same group were suspected of being behind the 2017 cyber attack on then-presidential candidate Emmanuel Macron’s party La République En Marche.

Sources: ANSSI, CERT France, Centreon, France 24, Bloomberg, ZDNet, Politico
