A cyber attack targeted several French companies and institutions between 2017 and 2020

The attack was carried out via the French software Centreon, which counts among its customers large companies and the Ministry of Justice.

The National Information Systems Security Agency (Anssi) alerted on Monday to the discovery of a computer intrusion “Affecting several French entities” via the French software Centreon, which counts among its customers large companies and the Ministry of Justice.

“The first compromises identified by Anssi date from the end of 2017 and continued until 2020”, writes Anssi in a report presenting the technical information related to this attack campaign. The Anssi established that the attack presented “Many similarities with previous campaigns of the Sandworm operating mode”, usually assigned to Russian military intelligence. But it does not explicitly accuse Russia, in accordance with its practice, of limiting itself to the technical expertise of the attacks. Allocation is a political decision, which cannot be made solely on technical criteria which may be misleading.

Cyber ​​attack “Recalls the methods that have already been used by the group linked to Russian intelligence Sandworm, but that does not guarantee that it is him”, told AFP the specialist in cybersecurity of the consulting firm Wavestone Gérome Billois. The duration of the attack before being discovered suggests attackers “Extremely discreet, rather known to be in the logic of theft of data and information”, he added.

The Centreon company defends itself

The mystery deepened on Tuesday, with target company Centreon blaming a third-party developer, and its main customers remaining silent on any potential impacts. “The security breach does not concern a marketed version of Centreon softwareSaid a spokesperson for Centreon.

The discreet cyber attack discovered by Anssi would have been active from the end of 2017 to 2020 and could have had as final targets the customers of the software, widely used by large companies including big names of the CAC 40 like Total and Airbus.

But according to Centreon, which analyzed the report published on Monday by Anssi, only an open source (free, and free) and old version of its solution, associated with “an additional module developed by a third-party operator», Could be targeted by the compromises. “We do not know what this module is, but it is absent from the codes and platforms produced by Centreon and the line of code on which it operates has been absent from Centreon solutions since 2015“, Affirmed the company, which evoked a”wild modificationOf his solution.

«It is not commercial users who are affected», Continues Centreon. “For open source users, they should check that the date of their software is after 2015. And we urge them to be wary of third-party integrators», Advises the company. According to this, the free version of Centreon is used on some “200,000 jobs“, And the commercial version by”720 clients“. Contacted Tuesday by AFP, many Centreon customers (including EDF, Bosch, Total, Atos or the Ministry of Justice) remained silent on the question of whether they had been affected by this attack.

The Paris prosecutor’s office, for its part, indicated that no investigation had been opened at this stage. “We ask Anssi for clarification on its methods of investigation and on the modifications made to our open source solutions.“, Pleaded the spokesperson for Centreon, denouncing a”extremely damaging questioning” for the company.

Solar Winds

In principle, the case recalls, via the compromise of another monitoring software, Solar Winds, developed by a company in Texas, and used by tens of thousands of companies around the world. “The supervision tools that we put in our information system are often targets for cybercriminals because they allow access to a lot of data”, explained Gérôme Billois. “They are known to be attack amplification tools”, he added.

In the United States, the cyberattack via SolarWinds affected the State Department, the Treasury, Homeland Security and the National Institutes of Health, among others. Contacted this Monday evening, the Ministry of Justice and other French companies did not make an immediate comment.

The Kremlin judged Tuesday “absurd” to consider that Russia could be guilty of the computer intrusion of which several French companies and institutions have been affected in recent years. “Russia has never had, has not, and cannot have the slightest connection with cybercrime of any kind,” Kremlin spokesman Dmitry Peskov told reporters after the latest revelations. monitoring of computer attacks in recent years in France.

SEE ALSO – Cyber ​​attack, poisoning of Navalny, interference in the elections… the White House will “hold Russia to account»

Related Posts

TikTok becomes a new recruitment space for companies

Comments Off on TikTok becomes a new recruitment space for companies

For the boss of PlayStation, the shortage of PS5 should last several more months

Comments Off on For the boss of PlayStation, the shortage of PS5 should last several more months

Fuel: why the E85 is attracting more and more French people

Comments Off on Fuel: why the E85 is attracting more and more French people

Foie gras, champagne, chocolate… What the French will taste at Christmas

Comments Off on Foie gras, champagne, chocolate… What the French will taste at Christmas

Neither meat nor fish: 500 personalities call the French to “Green Monday”

Comments Off on Neither meat nor fish: 500 personalities call the French to “Green Monday”

Europe, financial support for French start-ups

Comments Off on Europe, financial support for French start-ups

What are the French plans for 2019?

Comments Off on What are the French plans for 2019?

Cybersecurity: The Bureau des Légendes helps the government raise awareness among the French

Comments Off on Cybersecurity: The Bureau des Légendes helps the government raise awareness among the French

A quarter of the French buy a Christmas tree

Comments Off on A quarter of the French buy a Christmas tree

This summer, the French plan to spend 2200 euros per household for their holidays

Comments Off on This summer, the French plan to spend 2200 euros per household for their holidays

Which brands are the cheapest in the eyes of the French?

Comments Off on Which brands are the cheapest in the eyes of the French?

Paris-Normandy: justice will decide on Monday between the Belgian offers

Comments Off on Paris-Normandy: justice will decide on Monday between the Belgian offers

Create Account



Log In Your Account