(Reuters) — Hackers have spent up to three years breaking into organizations by targeting monitoring software made by the French company Centreon, France’s cybersecurity watchdog said on Monday.
The watchdog, known by its French acronym ANSSI, stopped short of identifying the hackers but said they had a similar modus operandi as the Russian cyberespionage group often nicknamed “Sandworm.”
ANSSI, Centreon, and the Russian embassy in Paris did not immediately return messages seeking comment.
The targeting of Centreon, a Paris-based company which specializes in information technology monitoring, further highlights how attractive such firms are to digital spies.
U.S. cybersecurity officials are still trying to get their hands around an ambitious espionage campaign that hijacked IT monitoring software made by the Austin, Texas-based firm SolarWinds. American officials, who have blamed Moscow for the hacking, have hinted that other firms have also been hit in similar ways.
Earlier this month Reuters reported that suspected Chinese hackers also targeted SolarWinds customers, using a different and less serious bug to help spread it across their victims’ networks.
The initial vector for the campaign of intrusions that targeted Centreon software was not known, ANSSI said in a 40-page report posted on its website. It said it had discovered intrusions dating back to late 2017 and stretching into 2020.
The watchdog did not identify the names or number of victims involved but said they were mainly IT services firms such as internet hosting providers.
Centreon’s website says it has more than 600 enterprise clients across the world, including the French Ministry of Justice.
(Reporting by Raphael Satter; editing by Grant McCool and Richard Chang)