Cybercriminals have no borders, and a discovery by the French national cybersecurity agency bears this out. The agency has learned of several cyber attacks carried out on French entities between 2017 and 2020. What stands out most, however, is how closely these attacks resemble previous crimes carried out by a group of hackers linked to Russian intelligence services.
Details of the case
The French Information Systems Security Agency (ANSSI) issued a full report on the case. In it, the agency states that “this campaign mainly affected IT service providers, especially web hosts”. The report also revealed how the attacks were carried out. According to the agency, the monitoring software of the French group Centreon was the channel for the attacks. Among the clients of this software are the oil giant Total, the energy group EDF and the defense company Thales.
ANSSI also indicated that the attacks occurred thanks to a “backdoor” detected on several Centreon servers, through which the hackers gained access.
A known modus operandi
The researchers also acknowledged similarities with past attacks. The report states that they found “numerous similarities with previous campaigns of the Sandworm operating mode”, a reference to a group of Russian hackers. Regarding these previous campaigns, the report details that “the Sandworm modus operandi is known for launching broad campaigns and then choosing from among the victims those that are most strategic. The intrusions observed by ANSSI are in line with this behavior”.
Meanwhile, George Billois, cybersecurity specialist at the consulting firm Wavestone, told AFP that the intrusions “recall the methods already used by the Sandworm group linked to the Russian intelligence services, but this does not guarantee that it is them”. The community expects the investigations to continue in the near future and, as a result, the origin of the attacks to be confirmed.