Threat Watch

Russian Military Intelligence Agency Targeting Outdated Versions of Centreon Software

As an update to the previous report by the French Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) regarding several French hosting providers being attacked via a vulnerability in IT monitoring software from Centreon, a press release issued by Centreon clarified that all of its customers impacted by the breach had been running an old and obsolete version of its software. The impacted organizations’ software had been out of support for six years, and they had failed to install multiple major releases, thus missing major security patches and feature updates. After the announcement by ANSSI, Centreon wanted to make clear that this was not a supply chain attack affecting current versions of its software.

ANALYST NOTES

With the waves of the SolarWinds attacks still being felt, companies are more attuned to the possibility of supply chain attacks than ever before. After this announcement, the attacker’s methods are now a little clearer: they exploited out-of-date software. An essential aspect of this set of incidents is the reminder it provides about the fundamentals of security, especially patching. Developing an inventory of software and equipment that is currently deployed and maintaining a regular patching interval can help get ahead of known and unknown threats as code bases change. Depending on the timespan between system updates, strategies to implement patches for critical vulnerabilities quickly should also be developed, especially if proof-of-concept exploits are found in the wild or released publicly.

References:
https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-only-hit-orgs-with-old-centreon-software/

Previously reported on Threat Watch here: ANSSI Links Attacks Against French Hosting Providers to Russian Military Intelligence Agency – Binary Defense