IT services firm Centreon downplays reports of backdoor software vulnerabilities linked to Russian hacking group Sandstorm

French IT monitoring company Centreon has downplayed reports of backdoor vulnerabilities in its open source software that were allegedly linked to Sandworm, a Russian hacking group.

France’s National Agency for the Security of Information Systems (ANSSI) released a report (PDF) this week (February 15) detailing how several French corporate entities have been impacted by vulnerabilities in Centreon’s eponymous open source IT monitoring product.

ANSSI reported that the software contained two backdoors that have impacted several customers for as long as three years.

However, the vendor has massively downplayed the issue, which it says is only present on outdated versions of its open source infrastructure monitoring product.

‘Misleading’

In response to ANSSI’s report, Centreon said the report “could mislead individuals to believe that the solutions provided by Centreon would present security flaws”.

Centreon said that the flaws were present in obsolete software versions, and in a statement appeared to distance itself from the issue by stressing that only users who had not upgraded their builds were unprotected.

It also said that none of its customers had been impacted by the malicious hacking campaign, and that it did not propagate any malicious code.

The statement reads: “The ANSSI report and our exchanges with them confirm that Centreon did not distribute or contribute to propagate malicious code.

“This is not a supply chain type attack and no parallel with other attacks of this type can be made in this case.”

Sandworm links

The cyber agency, however, believes the campaign could be linked to Sandworm, a group of Russian hackers blamed for blackouts across Ukraine and the 2018 Winter Olympics opening ceremony cyber-attack.

The report reads: “On compromised systems, ANSSI discovered the presence of a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet. This backdoor was identified as being the P.A.S. webshell, version number 3.1.4.

“On the same servers, ANSSI found another backdoor identical to one described by ESET and named Exaramel.

“This campaign bears several similarities with previous campaigns attributed to the intrusion set named Sandworm.”

Combined, the two vulnerabilities could allow for complete takeover of the software, which could enable hackers to move laterally across a victim’s network.

Further technical details can be found in the ANSSI report (PDF).


ANSSI also released a number of recommendations to protect against the campaign, including keeping all software up to date and limiting the external exposure of IT monitoring systems.

“Monitoring systems such as Centreon need to be highly intertwined with the monitored information system and therefore are a prime target for intrusion sets seeking lateralisation,” the report reads.

“It is recommended either not to expose these tools’ web interfaces to [the] internet or to restrict such access using non-applicative authentication (TLS client certificate, basic authentication on the web server).”
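As an added illustration of that recommendation (not taken from the ANSSI report or from Centreon's documentation), an Apache httpd 2.4 virtual host can enforce both kinds of non-applicative authentication before any request reaches the monitoring application. The hostname, file paths and the `/centreon` location are assumptions chosen for the example.

```apache
# Constructed example: hostname, file paths and the /centreon location are
# assumptions for illustration, not values from the ANSSI report or Centreon.
<VirtualHost *:443>
    ServerName monitoring.example.org

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/monitoring.example.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/monitoring.example.org.key

    # Control 1: TLS client certificate.
    # Verified during the TLS handshake, so a client without a certificate
    # issued by the operators' CA never reaches the application code.
    # Set at virtual-host level to avoid per-location renegotiation.
    SSLCACertificateFile  /etc/pki/tls/certs/ops-client-ca.crt
    SSLVerifyClient       require
    SSLVerifyDepth        1

    <Location "/centreon">
        # Weak setting this replaces: with only the line below, the
        # application's own login form is the sole barrier between the
        # internet and the monitoring interface.
        #   Require all granted

        # Control 2: HTTP basic authentication enforced by the web server
        # itself (password file created with the htpasswd utility).
        AuthType     Basic
        AuthName     "Monitoring - restricted"
        AuthUserFile /etc/httpd/monitoring.htpasswd
        Require      valid-user
    </Location>
</VirtualHost>
```

Either control on its own matches the quoted recommendation; the example applies both. Not publishing the interface to the internet at all remains the first option the report names.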

Source: https://portswigger.net/daily-swig/it-services-firm-centreon-downplays-reports-of-backdoor-software-vulnerabilities-linked-to-russian-hacking-group-sandstorm
