Skip to main content

ANSSI identifies campaign targeting Centreon system monitoring software

Alert status
HIGH

On 16 Feb 2021, France’s cyber security agency, Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), released information relating to ongoing malware targeting Centreon software since 2017. Centreon produce software for system and network monitoring, which is also named Centreon. ANSSI states that on compromise, two webshell variants, P.A.S and Exaramel, were uploaded.

ANSSI have provided analysis of the malware including detection methods and Indicators of Compromise

Mitigation

The ACSC recommends Australian organisations utilising Centreon follow advice provided by ANSSI and apply any updates or patches that are released.  Until updates or patches are released, the ACSC recommends that Centreon software management console be isolated from the internet and internal network connections be minimised.

Assistance

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.