France Officially Condemns Russia for Cyberattacks

May 6, 2025 | Cyber | 5 minutes
In a historic move, France has formally accused Russia of orchestrating cyberattacks against its strategic interests between 2015 and 2017, publicly pointing to the GRU and the hacker group APT28.

Attribution to Russian Intelligence Services (GRU)

France has officially attributed responsibility to Russia for cyberattacks targeting French interests between 2015 and 2017. In a strongly worded statement, the Ministry for Europe and Foreign Affairs directly points to the Russian military intelligence service (GRU) and a hacker group known as APT28 (also called Fancy Bear). This group, identified by experts as being part of the GRU's unit 26165, is believed to be behind cyberespionage and sabotage campaigns targeting France during this period.


This is a first for Paris: never before had the French state publicly accused Moscow based on its own intelligence. While APT28 was already well known to Western agencies and subject to EU sanctions, France is now taking a step further by publicly naming it as the perpetrator of these malicious attacks. The attack method used, a tool called “Sandworm”, was mentioned as being linked to APT28. In other words, authorities believe that Sandworm and Fancy Bear operate in coordination — two sides of the same threat driven by the GRU.

Cyberattacks Targeting Sensitive French Interests

Between 2015 and 2017, several sensitive French entities were targeted by these hostile operations. Among the targets were leading public institutions – including the Ministry of Armed Forces – as well as media outlets and strategic organizations. The French Foreign Ministry cites the 2015 sabotage of TV5Monde as an example, a major cyberattack that paralyzed the broadcaster for hours. At the time, the attackers falsely claimed to belong to a terrorist group affiliated with ISIS, but the investigation gradually pointed to a Russian origin.


Another key incident: the hacking of Emmanuel Macron’s presidential campaign in 2017, known as “Macron Leaks.” Thousands of internal emails and documents from the candidate’s team were stolen and leaked online just days before the runoff election. According to French authorities, this destabilization campaign — combining data leaks and disinformation — was also orchestrated by APT28. The presumed goal was to influence public opinion and sow doubt, although it ultimately failed to alter the electoral process. These two attacks (TV5Monde in 2015 and Macron Leaks in 2017) exhibit a common modus operandi attributed to the GRU, reinforcing the official attribution to Russia.

A Strong Diplomatic Response from Paris

In response to these acts, France's reaction is firm and unequivocal. Paris strongly condemns these cyberattacks, describing them as “unacceptable destabilizing activities, unworthy of a permanent member of the United Nations Security Council.” This wording, used in the official statement, highlights how seriously France views these digital intrusions. Additionally, the Ministry of Foreign Affairs recalls that these actions violate the UN-established norms of responsible state behavior in cyberspace — norms to which Russia has itself subscribed.


In this tense diplomatic context, France demonstrates its determination to hold Russia publicly accountable for its malicious actions. Alongside its international partners, it intends to use all available means to anticipate, deter, and respond to such cyberespionage operations in the future. Paris is thereby aligning with a broader movement condemning state-sponsored cyberattacks: several Western allies have already denounced APT28’s actions in recent years, and the European Union has even imposed sanctions on GRU members involved in past attacks. France is now clearly drawing a red line on cyberespionage and digital sovereignty, sending an unmistakable message to Moscow.

DATIVE’s Expertise Against State-Sponsored Threats

Faced with this type of state-sponsored threat, organizations must strengthen the security of their IT and OT environments, which are often interconnected and therefore vulnerable. DATIVE supports essential and important entities in developing robust cybersecurity strategies, combining consulting, solution integration, and risk management. Our expertise allows for effective anticipation, detection, and response to the most advanced attacks.


To learn more about DATIVE's IT and OT cybersecurity services, visit: https://www.dative-gpi.com/en/industrial-cybersecurity
