Centreon: Sandworm Attacks Targeted Legacy Open Source Product
French software provider Centreon has hit back at a report from the country’s cybersecurity agency that its products were hijacked in a Russian cyber-campaign, claiming that no paying customers were affected.
The firm, which produces IT monitoring software not unlike SolarWinds, was at the center of a report from the French National Agency for the Security of Information Systems (ANSSI) this week.
The report claimed that the infamous Sandworm group, responsible for destructive attacks against Ukrainian energy providers in prior years, had targeted IT and web hosting firms from 2017 to 2020.
The group is said to have dropped a version of the P.A.S. web shell and the Exaramel backdoor Trojan to obtain remote control of “several Centreon servers exposed to the internet.”
However, in an update yesterday, the IT vendor clarified that the campaign only targeted legacy open source versions of its software, at around 15 organizations.
“The campaign described by ANSSI exclusively concerns obsolete versions of Centreon’s open source software. Indeed, the ANSSI specifies that the most recent version concerned by this campaign is version 2.5.2, released in November 2014,” it said.
“This version is not only no longer supported for more than five years, but has apparently also been deployed without respect for the security of servers and networks, including connections outside the entities concerned. Since this version, Centreon has released eight major versions.”
Centreon also made it clear that it had not been responsible for unwittingly distributing malicious code itself in a supply chain-style attack similar to SolarWinds.
As well as the BlackEnergy attacks in Ukraine, Sandworm has in the past been linked to cyber-espionage campaigns against NATO members and European governments in 2019. More relevant still were the attacks it launched against Exim email servers last year.