The hackers breached a software company that lists Airbus, Orange and the French Ministry of Justice among its clients.
France’s ANSSI cybersecurity agency on Monday said that “several French entities” had been attacked, and linked the attacks to a group of Russian hackers who are thought to be behind some of the most devastating cyberattacks in recent years.
The agency said that it had identified “an intrusion campaign” in which hackers, linked to the Russian military intelligence agency GRU, compromised the French software firm Centreon to install two pieces of malware on its clients’ networks. The “supply chain attack” is similar to the recently discovered compromise of U.S. business software maker SolarWinds, which breached several U.S. government agencies and many others.
The intrusion campaign began in late 2017 and lasted until 2020, ANSSI said, adding that “it mostly affected information technology providers, especially web hosting providers.”
Centreon said in a statement that “it has taken note of the information,” adding that “it has not been shown at this stage that the identified vulnerability refers to a commercial version provided by Centreon during the period in question.”
The company lists Airbus, Air France, Thales, ArcelorMittal, Electricité de France (EDF) and the telecommunications firm Orange among its clients, as well as the French Ministry of Justice. It is not clear how many or which organizations were breached through the software hack.
ANSSI said that the campaign “shares several similarities with previous campaigns attributed to the established intrusion called Sandworm,” which “is known to lead consecutive intrusion campaigns before focusing on specific goals that fit their strategic interests within the victim pool.”
The hacker group Sandworm has been linked to the GRU by cybersecurity authorities and experts. The group is believed to be behind some of the most damaging cyberattacks in recent history, including the NotPetya ransomware outbreak in 2017 and the attacks on the Winter Olympic Games in South Korea.
European diplomats imposed sanctions on several officers of the Russian intelligence unit linked to Sandworm in relation to cyberattacks. U.S. authorities also accused hackers belonging to the same group and said the group was suspected to be behind the 2017 cyberattack on the La République En Marche party of its then president, Emmanuel Macron.
The public mention of Sandworm by the French authorities is rare, as the country has traditionally been hesitant to attribute cyberattacks.