The French Ministry of the Interior announced on Friday that it had been the victim of a cyberattack. Email servers were compromised, but it is still unclear whether any data was actually stolen. The attack was detected overnight between Thursday, December 11, and Friday, December 12.
The attackers managed to gain access to a number of document files, according to Interior Minister Laurent Nuñez, speaking to RTL.FR. The ministry has since tightened its security protocols and strengthened access controls for staff information systems.
“There was indeed a cyberattack. An attacker was able to gain access to a number of files. So we have implemented the usual protection procedures,” Nuñez said in a statement to RTL Radio.
Investigation into the origin of the attack
The French authorities have launched an investigation to determine the origin and extent of the attack. Minister Nuñez indicated that investigators are looking into several possibilities: foreign interference, activists seeking to demonstrate vulnerabilities in government systems, or cybercrime.
The French Ministry of the Interior is obviously a valuable target for both state hackers and cybercriminals. It oversees the police force, Gendarmerie, and emergency services, is responsible for public safety, and manages files such as ID cards.
Previous Russian attacks
BleepingComputer puts the news in a broader context. In April, France attributed a large-scale hacking campaign to the APT28 hacking group, which French authorities say is linked to military unit 26165 of the Russian military intelligence service GRU. Over the past four years, the campaign has targeted or broken into a dozen French entities.
According to a report by the French security agency ANSSI, the list of French organizations attacked by APT28 includes a wide range of targets. These include ministerial entities, local governments and administrations, research institutions, think tanks, organizations within the French defense industry, aerospace companies, and entities in the economic and financial sector.
Since 2021, APT28 has repeatedly attacked Roundcube email servers. These attacks were primarily aimed at stealing “strategic intelligence” from governments, diplomatic services, and think tanks in North America and several European countries, including France and Ukraine.