French Cyberagency Reveals Suspected Russian Hacking Campaign

February 15, 2021

France's cybersecurity watchdog says it has discovered a hack of French organizations that bore similarities to other attacks by a group linked to Russian intelligence.

In a report released on February 15, the French National Agency for the Security of Information Systems (ANSSI) said the hackers had taken advantage of a vulnerability in monitoring software sold by the Paris-based company Centreon.

ANSSI said it discovered intrusions dating back to late 2017 and stretching into 2020.

The watchdog did not identify the names or number of victims involved but said they were mainly “information technology providers, especially web hosting providers."

It also stopped short of identifying the hackers but said they had a similar modus operandi as the Russian cyberespionage group often nicknamed Sandworm and thought to have links with Russian military intelligence.

Centreon's website says the company has more than 600 enterprise clients across the world, including France’s Justice Ministry and blue-chip French companies such as power group EDF, defense group Thales, and oil and gas giant Total.

The announcement comes as U.S. cybersecurity officials are still investigating a massive espionage campaign that hijacked IT monitoring software made by U.S. firm SolarWinds.

U.S. intelligence services have said Russia was likely behind the intrusions discovered in December 2020 in which government and private company networks in the United States and other countries were breached.

Earlier this month, Reuters reported that suspected Chinese hackers also targeted SolarWinds customers.