Skip to content
16/02/2021
Updates

Rapport ANSSI – Q&A Centreon

Blog Rapport ANSSI – Q&A Centreon

Context for this FAQ

On February 15, the French national agency for the security of information systems, ANSSI, reported on an intrusion campaign targeting an obsolete and unsupported version of the free, open-source monitoring software Centreon (version 2.5.2, released Nov. 2014) which affected about fifteen unidentified French companies from 2017 to 2020, none of which were Centreon clients. This FAQ will help answer your questions on the ANSSI report. Should you require additional information, please contact our team of experts.

What is ANSSI and what was the report about?

ANSSI is a national authority that reports to the French General Secretary for Defence and National Security (SGDSN) on matters of national defence and security. The report concerned an intrusion campaign that took place between 2017 and 2020 on about fifteen unidentified French companies, mostly IT firms and web hosting companies that were running an outdated and unsupported version of the Centreon open-source monitoring software.

Was this a supply chain type of attack?

No, this was not a supply chain type of attack. In a statement following the report’s disclosure, ANSSI confirmed that the Centreon software did not distribute or contribute to propagate malicious code. The campaign they were reporting on was not a supply chain type attack and no parallel could be made with other attacks of this type. In addition, ANSSI specified that the campaign was over, and no malicious activity could be observed at this time. 

Which organizations were affected?

The ANSSI report did not disclose which organizations were affected by the campaign, only stating they were mostly IT firms and particularly web hosting companies. These organizations were not Centreon clients and we could not identify them. 250,000 IT pros use the free open-source Centreon software around the world. If you are a current user or considering using the free Centreon open-source software, make sure you use a version that’s currently supported. You can download the latest version here.

How can I find out if my organization might have been affected by this campaign?

Use this guide for instructions to check which version of the Centreon open-source software your organization is using and scan for potential illegitimate files. The campaign concerned an out-of-date version of the open-source software, version 2.5.2, stored on Internet-exposed servers. If you see you’re not using the latest Centreon Open Source version, update your software, making sure to always use the most recent version.

What was the impact of the intrusion campaign?

Because no Centreon clients were impacted, and since the campaign concerns unnamed users of an obsolete and unsupported free open-source version, it is difficult to assess what impact the campaign had for these users. Centreon issued a guide to help open-source users search for the existence of potential illegitimate files.

Were Centreon customers affected?

No Centreon customers were affected by the campaign reported by ANSSI. In addition, ANSSI confirmed that no malicious activity could be observed at this time.

We use Centreon or we’re considering using Centreon, what do you advise? 

If you’re using one of Centreon’s commercial editions or a recent version of the Centreon open-source software, you are not concerned by this issue. If you are running an outdated version of the software, refer to this guide to ensure you’re not exposed to potential vulnerabilities and update to the latest version of the software. If you are considering using a Centreon software product, contact our team of experts for more information and insights.  

What can we do to protect against such security vulnerabilities?

Follow the ANSSI IT Health Recommendations and use updated and supported software versions, especially within the context of production environments. We recommend that you follow the ANSSI guide “Configuration Recommendations of a GNU/Linux System.” Section 4 and 5 of this guide also provide some important recommendation to running a secure Centreon platform.

Is this comparable to the recent SolarWinds breach?

Late 2020 it was reported that hackers altered SolarWinds IT monitoring application in order to use it to breach a number of networks, including half a dozen US federal agencies. Hackers compromised the infrastructure of SolarWinds and used that access to trojanize and distribute updates to users of the company’s monitoring software called Orion. Although ANSSI reported a campaign involving Centreon servers, the nature and results of the attack were completely different. The servers that were breached were housing an outdated, unsupported version of the Centreon open-source software and were exposed to the Internet, a situation that is contrary to safe IT practices. The Centreon software itself was not compromised and it did not distribute or contribute to propagate malicious code. ANSSI confirmed that the campaign involving Centreon is not a supply chain type attack and no parallel with other attacks of this type can be made in this case.

Share

Facebook picto Twitter picto Twitter picto

Similar posts

Updates
SaaS IT Monitoring, with Centreon Cloud

Centreon has long been the platform of choice when it comes to monitoring the IT infrastructure from cloud-to-edge, and has been available either as an open source project or a commercial software edition : new ...

Updates
A look back: Five highlights from 2021

Year-end is the perfect time to look back and take stock. For all of us at Centreon, and we hope it was the same for you, clients, partners, and community members, 2021 did not disappoint. ...

Updates
HN Services partners with Centreon, expanding their expert service portfolio and supporting their clients’ IT system modernization

By relying on Centreon to enrich their portfolio of services, HN Services intends to support IT departments in their efforts to modernize and hybridize IT systems. Paris & Toronto – June 10, 2021 – Centreon, a trusted ...

Updates
Centreon and Solutionbox Informationstechnologie GmbH partner to help clients recenter monitoring on business outcomes

The announcement marks Centreon’s first partnership in Austria.  Paris & Toronto—May 19, 2021. Centreon, a trusted global provider of business-aware IT monitoring for always-on operations and performance excellence, announced today a first partnership in Austria. ...

Updates
Centreon CentOS Support

In December last year we communicated on the Red Hat announcement about CentOS Stream and the end of support of CentOS Linux 8 as of December 31, 2021. This Red Hat announcement generated a tsunami ...

Updates
Centreon and Nagios: 3 milestones to understand their distinctiveness

“Centreon is Nagios’s graphical user interface”, “Nagios and Centreon use the same code”, “Centreon is Nagios’s cousin”. As we notice such mythsare still alive today, it’s pertinent to draft a short history of Centreon based ...

Updates
CentOS Stream: about the recent Red Hat announcement

What’s happening to CentOS Linux 8? In January 2014, when Red Hat announced they joined forces with CentOS Project, the open source community thought it was a good opportunity to build a better CentOS. At ...

Updates
Let’s fix Video Calls with these Perfect Virtual Meeting Backgrounds

There’s not much we can do about lockdowns. We cannot change the fact that we’re far from done with soulless virtual meetings ruling every single aspect of our work and social lives. But we can ...

Updates
Webinar: What’s New in the Centreon 20.04 Software Release?

Everything you Need to Know About the New Centreon 20.04 Software Release Live Session with Centreon’s Product’ Experts Twice a year Centreon releases a new software update, creating a opportunity for our Product Team to ...

Ready to see how Centreon can transform your business?

Contact us
Free trial

Keep informed on our latest news