According to the report by French cybersecurity agency ANSSI, Russian hackers have successfully managed to exploit Centreon Software to infiltrate several French companies' networks, that were using the obsolete software.
The first victim was compromised in 2017, with attacks continuing until 2020. All compromised servers ran Centreon's IT monitoring software. ANSSI however didn't find the vector used to hack victims' servers to deploy Extramel and PAS Web Shell backdoors.
According to ANSSI, the attack has similarities with previous Sandworm attacks. Sandworm is an elite Russian cyberespionage group, that is believed to be part of the Russian Russian GRU's Main Center for Special Technologies (GTsST).