Russia-Linked Threat Group Caught Deploying Backdoors On Linux Servers - Cybers Guards

The Sandworm team has been linked by published analysis to a state-backed Russian APT group tied to a series of attacks against Ukrainian targets in 2015 and 2017 and the cyberattack on the 2018 Winter Olympics opening ceremony. The agency did not state that the Centreon breach was part of a supply chain attack, but the decision to publicly name Sandworm as the attacker sparked new discussion, in the context of high-profile APT attacks, about the group's past supply chain and technology targets. Its recommendations include patching, server hardening, and limiting the exposure of monitoring systems. While the initial method of compromise remains unknown, ANSSI said that the attackers deployed two backdoors and that the operation "shares several parallels with previous Sandworm campaigns." ANSSI has published a separate report with Snort and YARA rules and other indicators of compromise (IOCs) to help threat hunters check for signs of Sandworm activity. In general, the Sandworm intrusion set is known to carry out broad intrusion campaigns before settling on particular targets within the victim pool that serve its strategic interests. The compromise dates back to 2017, according to a technical advisory released by ANSSI, and includes the eyebrow-raising compromise of Centreon, an IT monitoring software vendor commonly deployed in government agencies in France. A comprehensive technical report on the Centreon hack, which targeted Linux servers running the CentOS operating system, was published by the French agency. "This campaign matches the activity identified by ANSSI," the agency said. The analysis details the use of public and commercial VPN services within Sandworm's arsenal to communicate with the backdoors, citing many legitimate resources and providers.
"It is recommended not to expose the web interfaces of these tools to the internet, or to restrict such access by means of non-application authentication (TLS client certificates, web server basic authentication)." A set of guidelines for organizations to raise the bar against Sandworm and other APT groups has also been issued by the agency. The agency also learned that known Sandworm-controlled servers used in the four-year-old intrusions into French and European institutions were being used as part of the command-and-control infrastructure. "Monitoring tools such as Centreon need to be tightly interconnected with the information system they cover and are thus a prime target for intrusion sets seeking lateral movement," the agency added.
