"French cyber security authorities have disclosed a wide-reaching supply-chain attack targeting several major household names by hackers who compromised the Centreon enterprise IT platform. The first evidence of the intrusion campaign dates back to 2017 with the attack lasting until 2020, according to the ANSSI cyber security agency. This mostly affected IT providers, in particular web hosting providers. Centreon describes itself as a company that offers AIOps-ready IT monitoring services that provide visibility to complex IT workflows from the cloud to the edge... During its investigation, ANSSI discovered the presence of a backdoor in the form of a web shell dropped on several Centreon servers exposed to the internet... This campaign also bears several similarities with previous cyber campaigns attributed to Sandworm, an infamous group that allegedly exploits vulnerabilities for surveillance against high-value targets on behalf of the Russian government..." https://www.itpro.co.uk/security/cy...s-wide-reaching-solarwinds-esque-cyber-attack
The IT-Pro article that is the source for the original post in this thread is somewhat misleading -- it appears that this was NOT a pure supply-chain attack.

"France Ties 3-Year Hacking Campaign to Russia's Sandworm

Unpatched, Open Source Versions of Centreon IT Monitoring Tool Hacked...

French cybersecurity authorities are warning that widely used, open source IT monitoring software called Centreon appears to have been targeted by Russian hackers. But unlike the SolarWinds supply chain attack, in this campaign, attackers appear to have hacked outdated, unpatched versions of the software... A spokesman for Centreon tells Information Security Media Group that the open source version targeted by attackers appears to be a version of the software that dates from 2014 or 2015. 'So that's something quite striking here - that the users had not updated their versions.'... Hacked versions of the software also had 'non-Centreon-designed files' added to the installations, the spokesman says, adding that the victims also appeared to have configured the system running the monitoring software for remote access, without appropriate safeguards... German cyber espionage expert Timo Steffens likewise says that based on ANSSI's alert, the Centreon-targeting campaign appears to have targeted unpatched systems, rather than sneaking malware into the organization's software development pipeline..."

https://www.databreachtoday.com/france-ties-3-year-hacking-campaign-to-russias-sandworm-a-15998