France Officially Condemns Russia for Cyberattacks

France Officially Condemns Russia for Cyberattacks

May 6, 2025Cyber5 minutes
Linkedin

In a historic move, France has formally accused Russia of orchestrating cyberattacks against its strategic interests between 2015 and 2017, publicly pointing to the GRU and the hacker group APT28.

Attribution to Russian Intelligence Services (GRU)

France has officially attributed responsibility to Russia for cyberattacks targeting French interests between 2015 and 2017. In a strongly worded statement, the Ministry for Europe and Foreign Affairs directly points to the Russian military intelligence service (GRU) and a hacker group known as APT28 (also called Fancy Bear). This group, identified by experts as being part of the GRU's unit 26165, is believed to be behind cyberespionage and sabotage campaigns targeting France during this period.


This is a first for Paris: never before had the French state publicly accused Moscow based on its own intelligence. While APT28 was already well known to Western agencies and subject to EU sanctions, France is now taking a step further by publicly naming it as the perpetrator of these malicious attacks. The attack method used, a tool called “Sandworm”, was mentioned as being linked to APT28. In other words, authorities believe that Sandworm and Fancy Bear operate in coordination — two sides of the same threat driven by the GRU.

Cyberattacks Targeting Sensitive French Interests

Between 2015 and 2017, several sensitive French entities were targeted by these hostile operations. Among the targets were leading public institutions – including the Ministry of Armed Forces – as well as media outlets and strategic organizations. The French Foreign Ministry cites the 2015 sabotage of TV5Monde as an example, a major cyberattack that paralyzed the broadcaster for hours. At the time, the attackers falsely claimed to belong to a terrorist group affiliated with ISIS, but the investigation gradually pointed to a Russian origin.


Another key incident: the hacking of Emmanuel Macron’s presidential campaign in 2017, known as “Macron Leaks.” Thousands of internal emails and documents from the candidate’s team were stolen and leaked online just days before the runoff election. According to French authorities, this destabilization campaign — combining data leaks and disinformation — was also orchestrated by APT28. The presumed goal was to influence public opinion and sow doubt, although it ultimately failed to alter the electoral process. These two attacks (TV5Monde in 2015 and Macron Leaks in 2017) exhibit a common modus operandi attributed to the GRU, reinforcing the official attribution to Russia.

A Strong Diplomatic Response from Paris

In response to these acts, France's reaction is firm and unequivocal. Paris strongly condemns these cyberattacks, describing them as “unacceptable destabilizing activities, unworthy of a permanent member of the United Nations Security Council.” This wording, used in the official statement, highlights how seriously France views these digital intrusions. Additionally, the Ministry of Foreign Affairs recalls that these actions violate the UN-established norms of responsible state behavior in cyberspace — norms to which Russia has itself subscribed.


In this tense diplomatic context, France demonstrates its determination to hold Russia publicly accountable for its malicious actions. Alongside its international partners, it intends to use all available means to anticipate, deter, and respond to such cyberespionage operations in the future. Paris is thereby aligning with a broader movement condemning state-sponsored cyberattacks: several Western allies have already denounced APT28’s actions in recent years, and the European Union has even imposed sanctions on GRU members involved in past attacks. France is now clearly drawing a red line on cyberespionage and digital sovereignty, sending an unmistakable message to Moscow.

DATIVE’s Expertise Against State-Sponsored Threats

Faced with this type of state-origin threat, organizations must strengthen the security of their IT and OT environments, which are often interconnected and therefore vulnerable. DATIVE supports essential and important entities in developing robust cybersecurity strategies, combining consulting, solution integration, and risk management. Our expertise allows for effective anticipation, detection, and response to the most advanced attacks.


To learn more about DATIVE's IT and OT cybersecurity services, visit: https://www.dative-gpi.com/en/industrial-cybersecurity

News

News

General Security Regulation for Information Systems (RGS V2): A Cornerstone for Cybersecurity in France
Cybersecurity
General Security Regulation for Information Systems (RGS V2): A Cornerstone for Cybersecurity in France

The General Security Regulation for Information Systems (RGS) is a normative framework established to ensure a high level of security for the information systems of French public administrations. Version 2 (RGS V2), the latest update, strengthens this objective by incorporating technical and organizational evolutions tailored to current threats. This article offers a comprehensive overview of the standard, its key requirements, practical applications, and its critical role in the field of industrial cybersecurity, including within essential sectors such as industry.

Know more
Understanding Industrial Cybersecurity Challenges
Cybersecurity
Understanding Industrial Cybersecurity Challenges

Industry 4.0 is transforming production processes through connected technologies. This evolution enhances the efficiency and flexibility of industrial chains. However, industrial systems are exposed to new threats, highlighting the challenges of industrial cybersecurity. In 2024, 43% of French organizations experienced at least one successful cyberattack. These attacks aim to disrupt operations, steal data, or compromise the security of critical infrastructures. In the face of these growing risks, implementing appropriate cybersecurity strategies becomes essential. This article outlines the main industrial cybersecurity challenges. It presents the risks, impacts, and solutions to strengthen the security of industrial infrastructures.

Know more
How does industrial cyber security protect critical infrastructure?
Cybersecurity
How does industrial cyber security protect critical infrastructure?

Critical infrastructures are essential to the smooth running of our modern societies. A failure or targeted attack against these systems could have disastrous consequences. From major economic disruption to threats to public safety. Given the increase in cyber-attacks targeting these infrastructures, industrial cyber-security plays a central role in protecting them. It is based on a set of strict standards and regulations. These aim to strengthen the resilience of industrial systems in the face of digital threats. This report describes the cybersecurity challenges facing critical infrastructures and the main threats they face. It also describes the technical solutions put in place to ensure their protection.

Know more
ISO/IEC 27005:2022 – A Practical Guide to Cybersecurity Risk Management
Cybersecurity
ISO/IEC 27005:2022 – A Practical Guide to Cybersecurity Risk Management

In a world undergoing rapid digital transformation, where even the smallest security flaw can be costly, the ISO/IEC 27005:2022 standard emerges as an essential safeguard for proactive risk management. Combining rigor and adaptability, this framework provides industrial organizations with a structured roadmap to identify, assess, and address threats to their informational assets. In this article, we will break down the key aspects of the standard, its benefits, and how it integrates into a broader security ecosystem.

Know more
DATIVE Cybersecurity | Forum In Cyber
Cybersecurity
DATIVE Cybersecurity at Forum In Cyber 2025: Securing Industry Against Cyber Threats

Industry 4.0 is transforming production environments through the connectivity of OT (Operational Technology) systems, SCADA, Industrial IoT, and automated networks. However, this digital transformation also exposes critical infrastructures to increasingly sophisticated cyberattacks.

Know more