ANSSI, the French cybersecurity agency, has reported an intrusion campaign targeting the monitoring software Centreon, distributed by the French company CENTREON, which resulted in the breach of several French entities. The first victim seems to have been compromised from late 2017. The campaign lasted until 2020.
This campaign mainly affected information technology providers, especially web hosting providers. On compromised systems, ANSSI discovered the presence of a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet. This backdoor was identified as the P.A.S. webshell, version number 3.1.4.