France’s cybersecurity agency ANSSI says it has discovered a hack of French organisations, with signs the breach may be linked to Russian intelligence.

Hackers have taken advantage of a vulnerability in monitoring software sold by French group Centreon and installed two pieces of malware into its clients’ networks, according to ANSSI, the National Agency for the Security of Information Systems in full.

Also, there is a backdoor on several of the company’s servers which has given the attackers access to its networks, according to media reports.

Paris-headquartered Centreon lists blue-chip French companies such as Airbus, power group EDF, the AFP news agency, defence group Thales, sportswear manufacturer Lacoste, logistics major Bollore and oil and gas company Total among commercial clients, and the likes of the French ministry of justice and city authorities such as Bordeaux among public sector customers.

It is unclear how many or which organisations were breached via the software hack.

The “intrusion campaign” took place from 2017 to 2020 and mostly affected information technology providers, especially web hosting providers. It had several similarities with previous attacks carried out by the Sandworm group which is linked to Russian military intelligence agency GRU, ANSSI said.

Centreon said: “We are doing everything possible to evaluate the technical information presented in this [ANSSI] publication.”

The company added it is “not proven at this stage that the identified vulnerability concerns a commercial version provided by Centreon over the period in question.”