Anssi warned on Monday of the discovery of a computer intrusion "affecting several French entities" via the French software Centreon, whose customers include large companies and the Ministry of Justice.

The attack had "many similarities to earlier campaigns of the Sandworm modus operandi," generally attributed to Russian military intelligence, the agency said. 

The National Information Systems Security Agency (Anssi) warned on Monday of the discovery of a computer intrusion "affecting several French entities" via the French software Centreon, whose customers include large companies and the Ministry of Justice.

"The first compromises identified by Anssi date from the end of 2017 and continued until 2020," writes Anssi in a report presenting technical information related to this attack campaign.

A modus operandi generally attributed to Russian intelligence

Anssi established that the attack had "many similarities to previous campaigns of the Sandworm modus operandi", generally attributed to Russian military intelligence.

But it does not explicitly accuse Russia, in keeping with its practice of limiting itself to technical analysis of attacks.

The cyberattack "recalls the methods that have already been used by the Russian intelligence group Sandworm, but that does not guarantee that it is him," said Gérome Billois, a cybersecurity specialist at the consulting firm Wavestone.

The length of time the attack went undiscovered suggests attackers who are "extremely discreet, known rather for operating with a logic of data and intelligence theft", he added.

"Centreon has taken note of the information published by ANSSI this evening, at the time of publication of the report, which reportedly concerns events that began in 2017, or even in 2015," Centreon said in response on Monday.

"We are making every effort to take the exact measure of the technical information in this publication," the company added.


The true scale of the attack remains to be defined

Centreon's software, used by many companies (Airbus, Air France, Bolloré, EDF, Orange and Total) and by the Ministry of Justice, monitors applications and computer networks.

"This campaign mainly affected IT service providers, including web hosting," Anssi said.

But it can also create significant "leverage" by exposing the data of those providers' customers, commented Gérome Billois, who noted that it will take time to assess the true extent of the attack.

The case recalls the vast cyberattack attributed to Russia that targeted the United States in 2020, in which hackers took advantage of an update to monitoring software developed by a Texas company, SolarWinds, and used by tens of thousands of companies and administrations around the world.