February 18, 2021
A report published by the French cyber security agency ANSSI in late January described a SolarWinds type of cyber-attack targeting the French monitoring software Centreon, breaching the security of several local organizations.
The attack, which bears resemblance to a recent attack on the US government as part of a series of global cyber-attacks targeting various nations, may have been carried out by Sandworm.
According to an article published by Gizmodo, although the attack was not attributed to a specific organization, the French ANSSI claims that its technique resembles that of the sophisticated Russian hacking group.
Sandworm is notoriously known for criminal and political affiliations, including alleged meddling with French elections, a blackout over Russia’s capital Moscow, attempted meddling with the 2018 Olympics games, and ransomware attacks on US companies.
In their attack on the French software, the attackers used malicious scripts called Webshells, which allow a remote attacked to hijack and gain control over a website or a system.
Screenshot: Lucas Ropek: ANSSI report
Similar to the attack on SolarWinds that provides services to US government agencies, the Centreon software, distributed by the company Centreon, also provides services to French companies and government entities.
While it still remains unclear how organizations can defend themselves from these types of attacks, one thing is certain – the use of third-party vendors that provide services to government bodies and organizations poses a cyber risk that must be addressed.
Follow Us on Facebook for the latest news and insights on cybersecurity.
Stay Safe with TrustNet!