France links Russian Sandworm hackers to hosting provider attacks

The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group.

ANSSI (short for Agence Nationale de la Sécurité des Systèmes d’Information) has not been able to determine how the servers were compromised.

Therefore, it is not yet clear if the attackers exploited a vulnerability in the exposed Centreon software or the victims were compromised through a supply chain attack.

ANSSI discovered that the attackers deployed Exaramel and PAS web shell (aka Fobushell) backdoors when analyzing compromised servers on the networks of impacted organizations.

Read more…
Source: Bleeping Computer

Related story: Russian Sandworm hackers only hit orgs with old Centreon software