On 16 Feb 2021, France’s cyber security agency, Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), released information relating to ongoing malware activity that has targeted Centreon software since 2017. Centreon produce software for system and network monitoring, which is also named Centreon. ANSSI states that on compromise, two webshell variants, P.A.S and Exaramel, were uploaded.
ANSSI have provided analysis of the malware, including detection methods and Indicators of Compromise.
Mitigation
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends Australian organisations utilising Centreon follow advice provided by ANSSI and apply any updates or patches that are released. Until updates or patches are released, the ASD’s ACSC recommends that the Centreon software management console be isolated from the internet and that internal network connections be minimised.
Assistance
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1.