On 16 Feb 2021, France’s cyber security agency, Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), released information relating to ongoing malware targeting Centreon software since 2017. Centreon produce software for system and network monitoring, which is also named Centreon. ANSSI states that on compromise, two webshell variants, P.A.S and Exaramel, were uploaded.
The ACSC recommends Australian organisations utilising Centreon follow advice provided by ANSSI and apply any updates or patches that are released. Until updates or patches are released, the ACSC recommends that Centreon software management console be isolated from the internet and internal network connections be minimised.
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.