- IT 리더가 지목한 AI 가치 실현의 최대 걸림돌은 ‘비용 관리’
- Los CIO consideran que la gestión de costes puede acabar con el valor de la IA
- 칼럼 | AI 에이전트, 지금까지의 어떤 기술과도 다르다
- The $23 Echo Dot deal is a great deal to upgrade your smart home this Black Friday
- Amazon's Echo Spot smart alarm clock is almost half off this Black Friday
Centreon: Sandworm Attacks Targeted Legacy Open Source Product
French software provider Centreon has hit back at a report from the country’s cybersecurity agency that its products were hijacked in a Russian cyber-campaign, claiming that no paying customers were affected.
The firm, which produces IT monitoring software not unlike SolarWinds, was at the center of a report from the French National Agency for the Security of Information Systems (ANSSI) this week.
It claimed that the infamous Sandworm group, responsible for destructive attacks against Ukrainian energy providers in prior years, had targeted IT and web hosting firms from 2017 to 2020.
The group is said to have dropped a version of the P.A.S. web shell and the Exaramel backdoor Trojan to obtain remote control of “several Centreon servers exposed to the internet.”
However, in an update yesterday, the IT vendor clarified that the campaign only targeted legacy open source versions of its software, at around 15 organizations.
“The campaign described by ANSSI exclusively concerns obsolete versions of Centreon’s open source software. Indeed, the ANSSI specifies that the most recent version concerned by this campaign is version 2.5.2, released in November 2014,” it said.
“This version is not only no longer supported for more than five years, but has apparently also been deployed without respect for the security of servers and networks, including connections outside the entities concerned. Since this version, Centreon has released eight major versions.”
Centreon also made it clear that it had not been responsible for unwittingly distributing malicious code itself in a supply chain-style attack similar to SolarWinds.
As well as the BlackEnergy attacks in Ukraine, Sandworm has in the past been linked to cyber-espionage campaigns against NATO members and European governments in 2019. More relevant still were the attacks it launched against Exim email servers last year.