France Says Multiyear Hack Similar to Russian Attacks

The French cybersecurity agency warned that an attack similar to one used by Russian military hackers has been penetrating companies that use Centreon software for three years.

The attack started in late 2017 and continued into 2020, watchdog ANSSI said in a report. A representative for ANSSI declined to identify groups that may have been exposed in the hack, but said that the attack was now over.

“This campaign bears several similarities with previous campaigns attributed to the intrusion set named Sandworm,” ANSSI said, referring to the Russian cyber-espionage group. It discovered the presence of a “backdoor” vulnerability on several Centreon servers.

Suggestions that the attack was connected to Russia are “absurd,” Dmitry Peskov, a spokesman for the Russian government, said. “Russia did not have, does not have and cannot have any involvement in any cybercrime.”

Centreon sells its network-monitoring software to customers including Airbus SE, Thales SA, Total SE, Electricite de France SA and Orange SA, according to its website. But the vulnerability may have been in an “old, open-source version” of the company’s product, and not the software sold to corporations, Agence France-Presse reported, citing a Centreon spokesperson.

Paris-based Centreon said it didn’t have anyone available to speak to the press. Thales said it was investigating the matter and declined to comment further. Spokespeople for Orange and Airbus didn’t have an immediate comment. Total, EDF and the French Foreign Ministry didn’t immediately respond.

Sandworm is the nickname cybersecurity researchers have given a team of hackers working with Russia’s military intelligence directorate, the GRU. The U.S. government has accused the group, otherwise known as Unit 74455, of perpetrating a wide range of large-scale hacks in recent years.

Between 2015 and 2018, Sandworm attacked Ukraine’s power grid, targeted chemical weapons inspectors in the U.K., and hacked French President Emmanuel Macron’s political party, according to the U.S. Justice Department. U.S. authorities have also blamed the group for NotPetya, a series of malware attacks that in 2017 affected companies and organizations in more than 60 countries, causing billions of dollars of damage and affecting the operations of hospitals and other medical facilities, as well as some of the world’s largest corporations.

France’s unveiling of the hack also comes after the sprawling cyberattack on the U.S. government and private sector by suspected Russian hackers last year. They are thought to have implanted malicious code into popular software from Texas-based SolarWinds Corp. that affected as many as 18,000 customers.

©2021 Bloomberg L.P.
