Skip to main content

Malware targeting Centreon software

ANSSI identifies campaign targeting Centreon system monitoring software.

Alert status

On 16 Feb 2021, France’s cyber security agency, Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), released information relating to ongoing malware targeting Centreon software since 2017. Centreon produce software for system and network monitoring, which is also named Centreon. ANSSI states that on compromise, two webshell variants, P.A.S and Exaramel, were uploaded.

ANSSI have provided analysis of the malware including detection methods and Indicators of Compromise


The ACSC recommends Australian organisations utilising Centreon follow advice provided by ANSSI and apply any updates or patches that are released.  Until updates or patches are released, the ACSC recommends that Centreon software management console be isolated from the internet and internal network connections be minimised.


The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.

Content complexity
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it