
France Exposes Russia’s Role in APT28 Cyberattacks


France has accused a Russian state-backed hacker group of launching cyberattacks on key national organizations. The group, known as APT28, reportedly targeted a dozen French institutions, including parts of the government, financial entities, and research centers.

APT28, also known as Fancy Bear or BlueDelta, has been active since 2004. It is linked to Russia’s military intelligence agency, the GRU. Over the years, it has been involved in cyber operations across Europe and the United States. The group often targets military, government, energy, and media sectors.

Critical French Systems Targeted by APT28

France’s cybersecurity agency ANSSI released a report on Tuesday detailing these attacks. It said the hackers went after government departments, local administrations, aerospace companies, and even institutions preparing for the 2024 Olympics and Paralympics. Think tanks and research bodies were also among the victims.

According to the agency, the hackers used phishing emails, brute-force logins, and software vulnerabilities to break into systems. Once inside, they gathered information rather than staying for long periods. They didn’t install tools to keep access. Instead, they relied on cheap and disposable infrastructure. This included rented servers, free hosting services, VPNs, and temporary email accounts.

APT28 adapted its attacks based on the target. It used compromised Roundcube email servers to spread malware like the HeadLace backdoor. The group also deployed a variant of the OceanMap stealer. In some cases, phishing campaigns were sent to Yahoo and UKR.NET users.

To stay hidden, the hackers used compromised routers and dynamic domain services. They also relied on free platforms like Mocky.IO to disguise their operations.

France Vows Response as Cyber Tensions Rise

France’s Foreign Ministry condemned the attacks strongly. It said these actions were part of a broader effort by the Russian GRU to destabilize the country. Officials pointed to earlier events, such as the 2015 TV5Monde hack and interference in the 2017 French elections.

The ministry said these cyber activities violate United Nations rules on responsible state behavior. It added that such actions are not fitting for a UN Security Council member. France said it will work with international partners to prevent, discourage, and respond to future cyber threats from Russia.

This public accusation signals a tougher stance from France as it prepares to host global events under increased cyber risk. With tensions growing in cyberspace, France is stepping up its efforts to defend national digital infrastructure.
