Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities
The intrusion campaign which breached several French entities is said to have started in late 2017 and lasted until 2020, with the attacks particularly impacting web-hosting providers, said the French information security agency ANSSI in an advisory. "On compromised systems, ANSSI discovered the presence of a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet," the agency said on Monday. "This backdoor was identified as being the PAS webshell, version number 3.1.4. On the same servers, ANSSI found another backdoor identical to one described by ESET and named Exaramel."
"We have identified a global campaign that introduces a compromise into the networks of public and private organizations through the software supply chain," FireEye CEO Kevin Mandia announced in a Sunday blog post. "This compromise is delivered through updates to a widely used IT infrastructure management software - the Orion network monitoring product from SolarWinds. The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors."
Left unsaid in Mandia's statement was that FireEye was one of the victims of the campaign against an unknown number of SolarWinds customers, which include hundreds of the world's largest companies and government agencies, including the U.S. National Security Agency.