Centreon Says that Sandworm Group Attacks Affected Only 15 Companies

Earlier this week, the French National Agency for Information Systems Security (ANSSI) announced that a group of Russian “government” hackers Sandworm (aka Telebots, BlackEnergy, Voodoo Bear) were behind the attacks on Centreon software. The operation lasted three years, and as a result a number of French organizations were hacked.

ANSSI linked the hacks to the Centreon monitoring platform developed by the French same-named company. In essence, this product is almost identical in functionality to SolarWinds’ Orion platform, which was reported to have been compromised last December.

Centreon’s clients include many well-known organizations, including Airbus, Air France KLM, Agence France-Presse (AFP), Euronews, Orange, Arcelor Mittal, Sephora and even the French Ministry of Justice.

Representatives of Centreon hastened to issue their own press release, in which they call ANSSI’s statements “extremely destructive” and write that they will seek clarification from the agency.

Centreon assures that none of the company’s commercial customers were affected by the attacks (this also applies to customers in the public sector), and the incidents affected only those who downloaded the open-source version of Centreon, which the company posts for free on its website.

“According to our conversations with ANSSI over the past 24 hours, only about 15 organizations were targets of this campaign, and all of them were users of the legacy open-source version (v2.5.2), which has not been supported for more than five years”, — says Centreon.

In fact, the company claims that the victims themselves deployed an outdated version of the software in their systems, “not caring about the security of their servers and networks,” and the Centreon platform is reliable and has not been compromised.

“Indeed, the ANSSI specifies that the most recent version concerned by this campaign is version 2.5.2, released in November 2014. This version is not only no longer supported for more than 5 years, but has apparently also been deployed without respect for the security of servers and networks, including connections outside the entities concerned. Since this version, Centreon has released 8 major versions”, – write the specialists of the company.

Centreon recalls the importance of complying with ANSSI IT Health guidelines and recommendations for installing and securing software.

Centreon recommends that all users who are still using an outdated version of open-source software in production to upgrade to the latest version or contact Centreon and its network of certified partners.