France's foreign ministry explicitly accused Russia's GRU military intelligence agency on 29 April of mounting cyber-attacks on a dozen entities including ministries, defense firms and think tanks since 2021 to destabilize France. The accusations, levelled at GRU unit APT28, which officials said was based in Rostov-on-Don in southern Russia, are not the first by a Western power, but it is the first time Paris has blamed the Russian state on the basis of its own intelligence.
The ministry said in a statement that APT28's attacks on France go as far back as 2015, when the station TV5 Monde was taken off air in a hack claimed by purported Islamic State militants. France said APT28 had been behind the attack, and another in the 2017 presidential election when emails linked to the party and campaign of the eventual winner, Emmanuel Macron, were leaked and mixed with disinformation. According to a report by France's National Cybersecurity Agency (ANSSI), APT28 has sought to obtain strategic intelligence from entities across Europe and North America.
Officials said the government had decided to go public to keep the public informed at a time of uncertainty in domestic politics and over Russia's war in Ukraine. Russia's embassy in Paris did not respond to a request for comment.[1]
ANSSI said there had been a jump last year in the number of attacks on French ministries, local administrations, defense companies, aerospace firms, think tanks and entities in the financial and economic sector. They said APT28's most recent attack was in December, and that some 4,000 cyber-attacks had been ascribed to Russian actors in 2024, an increase of 15% on 2023. "These destabilizing activities are unacceptable and unworthy of a permanent member of the United Nations Security Council," the foreign ministry said. "Alongside its partners, France is determined to use all means at its disposal to anticipate, deter and respond to Russia's malicious behavior in cyberspace." APT28 has been active worldwide since at least 2004, primarily in the field of cyberespionage, hacking experts say.
In May 2024, Germany accused APT28 of launching cyber-attacks on its defense and aerospace firms and ruling party, as well as targets in other countries. At the time, Russia's embassy in Berlin called the accusations, "another unfriendly step aimed at inciting anti-Russian sentiments in Germany".
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.msn.com/en-us/news/world/france-accuses-russian-intelligence-of-repeated-cyber-attacks-since-2021/
Comments