Brussels (Brussels Morning) France’s national cybersecurity agency discovered a potential hack of numerous French companies, in an operation with the signature mark of a group previously linked to Russian intelligence, AFP reported on Tuesday.
The French National Agency for the Security of Information Systems (ANSSI) issued a report late Monday, stating that it has discovered a backdoor on several servers operated by the Centreon group, which provides monitoring software to a lengthy list of French blue-chip companies.
Even though ANSSI did not name any individual companies, the agency noted that the “campaign mostly affected information technology providers, especially web hosting providers.” The Centreon group’s clients include key security and infrastructure companies such as the power group EDF, the defence group Thales and the oil giant Total.
The report noted that the attack on Centreon infrastructure bore striking similarities to previous campaigns attributed to the intrusion set known as Sandworm, a hacker group believed to have links with Russian military intelligence.
State-sponsored hacking groups are notoriously difficult to pin on their sponsors, as separate organisational channels and careful covering up of digital tracks ensure that plausible deniability can be maintained. Without solid evidence, any retaliatory move can be dismissed as an unprovoked political action.
The French backdoor was opened from 2017 to 2020, according to ANSSI, and the attackers were “extremely discreet” during this period. AFP cites IT security expert Gerome Billois as claiming that the most likely aim of the attack was to spy on or steal information from the affected companies. Billois also noted it would take a long time to determine the full scale and implications of the attack.