ANSSI, the French cybersecurity agency, has reported an intrusion campaign targeting the monitoring software Centreon distributed by the French company CENTREON which resulted in the breach of several French entities. The first victim seems to have been compromised from late 2017. The campaign lasted until 2020.
This campaign mostly affected information technology providers, especially web hosting providers. On compromised systems, ANSSI discovered the presence of a backdoor in the form of a webshell dropped on several Centreon servers exposed to the internet. This backdoor was identified as being the P.A.S. webshell, version number 3.1.4.