The French cybersecurity agency ANSSI has recently found links to a Russian hacking group called Sandworm, which has breached several French entities, including a software firm whose clients include the French Ministry of Justice and Airbus.
The French company Centreon has been attacked by hackers who are linked to the Russian military intelligence agency GRU. Like the US SolarWinds attack we covered recently, this attack is thought to have targeted the software company's supply chain by installing malware into Centreon’s client network, affecting US companies.
ANSSI has stated that this cyber-attack campaign ran for around three years, from 2017 until 2020, mainly affecting information technology providers, particularly web hosting providers.
Although the exact number is unclear, Centreon’s clients that have been affected include Airbus, Air France, Thales, ArcelorMittal, Électricité de France (EDF), Orange and the French Ministry of Justice.
This cyber-attack campaign, ANSSI noted, “bears several similarities with previous campaigns attributed to the intrusion set named Sandworm,” which “is known to lead consequent intrusion campaigns before focusing on specific targets that fits its strategic interests within the victims pool.”
Sandworm is a prolific hacking group that cyber security authorities have already tied to the GRU. Sandworm is thought to be behind some of the largest and most catastrophic cyber-attacks in recent years, such as the ransomware NotPetya in 2017 affecting the Winter Olympics in South Korea.
EU diplomats have imposed sanctions against several officers of Russia’s intelligence unit linked to Sandworm, after they were suspected of being behind the 2017 cyberattack on the presidential candidate Macron’s political party.
This is quite serious news to come out of the French authorities, especially since they have historically been reluctant to attribute any cyberattacks to a named threat actor!