Paris (AFP)
An obsolete version of a software concerned and no client of its publisher, Centreon, affected: the discovery by a French government agency of a computer attack quickly deflated Tuesday, the day after its revelation.
In a technical note released on Monday, the French Information Systems Security Agency (Anssi), the IT security guard, revealed that "the first identified compromises" dated from the end of 2017 and that they had continued until 2020.
The Centreon company was then concerned, which counts among its customers important French companies such as Airbus and Total or the Ministry of Justice, raising fears that leading entities may have been affected.
Its software serves as a control tower of computer systems, in order to spot failures and other problems.
But, as of Tuesday, the group, after having exchanged with Anssi, assured that none of its customers was concerned, while Russia, suspected because of the operating mode detected, categorically denied being in the process. origin.
"The Anssi specifies that only about fifteen entities were the target of this campaign, and that they are all users of an obsolete open source version (free and open source), which has not been supported for 5 years. years, "Centreon said in a statement.
A version confirmed a few hours later by the government agency, according to which "no element (...) allows the software to be compromised before it goes into production, neither in its free repositories, nor at the publisher".
The Anssi also warned against the exposure on the Internet of this type of software, especially when it is associated with weakly secure passwords, as it found in this case.
Previously contacted by AFP, many of the group's customers (including EDF, Bosch, Total, Thales, Atos or the Ministry of Justice) have remained silent as to whether or not they were affected by this attack.
But others, including Air France, the Fondation de France and Action contre la Faim, said they were not affected.
According to Centreon, the free version of its software is used on some "200,000 workstations", and the commercial version by "720 clients".
- Denial of Russia -
The company has therefore advised users of a free version of its software to check if it is after 2015 and to be wary of "third party integrators".
The company also indicated that no "malicious code" had been propagated by Centreon and that "no parallel with other attacks" of the SolarWinds type (a gigantic cyberattack in the United States in December 2020) could be made. .
In its note, which is limited to a technical expertise and therefore does not formulate an accusation, Anssi noted that the attack in question had "many similarities with previous campaigns of the Sandworm modus operandi", generally attributed to the Russian military intelligence.
The Kremlin reacted Tuesday by deeming "absurd" to consider that Russia could be behind such a cyberattack.
Moscow has always denied having carried out computer attacks against its Western rivals, despite the proliferation of accusations in this direction, in Europe as in the United States, after the hacking of many institutions and companies.
"Russia has never had, has not, and cannot have the slightest connection with cybercrime of any kind," Kremlin spokesman Dmitry Peskov told reporters.
The Paris prosecutor, meanwhile, indicated that no investigation had been opened at this stage.
© 2021 AFP