France says multi-year hack similar to Russian military attacks | #RussianHacker


The French cybersecurity agency warned that an attack similar to one used by Russian military hackers has been penetrating companies that use Centreon software for three years.

The attack started in late 2017 and continued into 2020, watchdog ANSSI said in a report. Centreon sells its network-monitoring software to customers including Thales SA and Orange SA, though ANSSI didn’t identify companies that may have been exposed in the hack.

“This campaign bears several similarities with previous campaigns attributed to the intrusion set named Sandworm,” ANSSI said, referring to the Russian cyber-espionage group. It discovered the presence of a “backdoor” vulnerability on several Centreon servers.

Read more: After big hack of US government, Biden enlists ‘world class’ cybersecurity team

A representative for Centreon didn’t immediately respond to a request for comment. Thales said it was investigating the matter and declined to comment further. Orange didn’t have an immediate comment.

Sandworm is the nickname cybersecurity researchers have given a team of hackers working with Russia’s military intelligence directorate, the GRU. The US government has accused the group, otherwise known as Unit 74455, of perpetrating a wide range of large-scale hacks in recent years.

Between 2015 and 2018, Sandworm attacked Ukraine’s power grid, targeted chemical weapons inspectors in the UK, and hacked French President Emmanuel Macron’s political party, according to the US Justice Department. US authorities have also blamed the group for NotPetya, a series of malware attacks that in 2017 affected companies and organizations in more than 60 countries, causing billions of dollars of damage and affecting the operations of hospitals and other medical facilities, as well as some of the world’s largest corporations.

Also read: PM Modi, Sundar Pichai discuss data security, cyber safety ahead of Google for India event

France’s unveiling of the hack also comes after the sprawling cyberattack on the US government and private sector by suspected Russian hackers last year. They are thought to have implanted malicious code into popular software from Texas-based SolarWinds Corp. that affected as many as 18,000 customers.



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

61 − = 57