French software vendor Centreon has hit back at a report from the country's cybersecurity agency that its products had been hijacked in a Russian cyber-campaign, claiming that no paying customers were affected.
The firm, which provides IT monitoring software not unlike SolarWinds, was at the centre of a report from the French National Agency for the Security of Information Systems (ANSSI) this week.
It claimed that the infamous Sandworm group, responsible for destructive attacks against Ukrainian power providers in previous years, had targeted IT and web hosting firms from 2017 to 2020.
The group is said to have dropped a version of the P.A.S. web shell and the Exaramel backdoor Trojan to gain remote control of "several Centreon servers exposed to the internet."
However, in an update yesterday, the IT vendor clarified that the campaign only targeted legacy open source versions of its software, at around 15 organizations.
"The campaign described by ANSSI exclusively concerns obsolete versions of Centreon's open source software. Indeed, the ANSSI specifies that the most recent version concerned by this campaign is version 2.5.2, released in November 2014," it said.
"This version is not only no longer supported for more than five years, but has apparently also been deployed without respect for the security of servers and networks, including connections outside the entities concerned. Since this version, Centreon has released eight major versions."
Centreon also made it clear that it had not been responsible for unwittingly distributing malicious code itself in a supply chain-style attack similar to SolarWinds.
As well as the BlackEnergy attacks in Ukraine, Sandworm has in the past been linked to cyber-espionage campaigns against NATO members and European governments in 2019. More relevant still were the attacks it launched against Exim email servers last year.
Some parts of this article are sourced from:
www.infosecurity-magazine.com