On Monday, 15 February, the National Information Systems Security Agency (Anssi) warned of the discovery of a computer intrusion “influencing many French institutions” through the French software Centreon, which counts major companies and the Ministry of Justice among its customers.
“The first agreement identified by Anssi date from late 2017 and continue until 2020”, the agency writes in a report presenting technical information related to this intrusion campaign.
Anssi does not identify these hackers, but specifies that the way they work “recalls methods that have already been used” by the Russian cyber group known as “Sandworm”. “It is not guaranteed that it is him”, Gérôme Billois, a cybersecurity expert at the consultancy Wavestone, told Agence France-Presse (AFP).
The duration of the attack before its discovery suggests that they are hackers who are “highly thoughtful, known as the logic of data and information theft”, he added.
“Centreon has taken note of the information published this evening [Monday] by Anssi at the time of publication of the report, which would be related to the facts introduced in 2017, or even in 2015”, the company Centreon reacted to AFP. “We are doing everything to accurately measure technical information in this publication”, it added.
Used by many companies (Airbus, Air France, Bolloré, EDF, Orange or even Total) and by the Ministry of Justice, Centreon software is used to monitor applications and computer networks.
“Attack amplification device”
According to Anssi, “the campaign primarily affected IT service providers, especially web hosting”. But it could also affect larger groups and institutions.
“It is possible that customers from these providers were affected by the rebound”, underlined Luce Guéjo, Secretary-General of Clusif, a consortium of French cyber security experts.
Generally, it is “extraordinary” that Anssi published such a note, he said. According to him, this is clearly the result of a lengthy investigation into compromised French companies, and the connections he had made publicly with previous cases several years earlier.
The case is reminiscent of the massive cyber attack attributed to Russia targeting the United States in 2020, when hackers took advantage of an update to monitoring software developed by SolarWinds, a Texas company, and used by thousands of companies and administrators worldwide.
“The supervision tools we put into our information systems are often targets for cyber criminals because they allow access to a lot of data”, Gérôme Billois explained. “They are known as attack amplification tools”, he added.
In the United States, cyber attacks through SolarWinds software affected the Department of State, the Treasury, Homeland Security, and the National Institutes of Health, among others. Contacted on Monday evening, the Ministry of Justice and other French companies immediately declined to comment.