1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

France: Security officials fear Russian hacking attack

February 15, 2021

Officials believe that a series of hacking attacks between 2017 and 2020 appear to have been carried out by Sandworm, a group suspected of being closely connected to Russian military intelligence.

https://p.dw.com/p/3pOuP
Symbolbild Hackerangriff
Image: Nicolas Asfouri/AFP/Getty Images

France's national cyber security agency said on Monday that several organizations had been targeted by hackers in cases that bore similarities to other attacks by a group linked to Russian intelligence.

Officials said they exploited a vulnerability in monitoring software sold by French group Centreon.

The firm lists several blue-chip French companies as clients, such as power group EDF, defense group Thales, or oil and gas giant Total.

None of those companies were cited in the revelations by the French National Agency for the Security of Information Systems, known by its French acronym ANSSI.

The logo of French oil giant Total
French oil giant Total is a cilent of the software firm that was targeted, although authorities said 'information technology' companies were the main targets in this caseImage: Reuters/R. Duvignau

The French ministry of justice and city authorities such as Bordeaux are also named as Centreon customers on the group's website, but they did not appear to have been compromised, according to a statement on the incident.

"This campaign mostly affected information technology providers, especially web hosting providers," said ANSSI in a report.

It said "a backdoor" on several Centreon servers gave the hackers access to its networks.

"This campaign bears several similarities with previous campaigns attributed to the intrusion set named Sandworm," said the report.

Who are Sandworm?

Sandworm is a group of hackers believed to be close to Russian military intelligence.

The report, entitled "Sandworm Intrusion Set Campaign Targeting Centreon Systems," was released on Monday.

It gave technical details about how the hackers gained access to the Centreon servers. The hacking attacks took place between 2017 to 2020, ANSSI added.

In 2018, Sandworm hacked two of Germany's major public broadcasters, ARD and ZDF.

US federal investigators also believe they were behind the hacking of computer servers in 2016 belonging to the Democratic Party.

Russian hackers were also thought to have obtained emails from the campaign of French presidential candidate Emmanuel Macron, which were leaked just before the French election in early May of 2017.

jf/msh (AFP, Reuters)