France Officially Condemns Russia for Cyberattacks
In a historic move, France has formally accused Russia of orchestrating cyberattacks against its strategic interests between 2015 and 2017, publicly pointing to the GRU and the hacker group APT28.
Attribution to Russian Intelligence Services (GRU)
France has officially attributed responsibility to Russia for cyberattacks targeting French interests between 2015 and 2017. In a strongly worded statement, the Ministry for Europe and Foreign Affairs directly points to the Russian military intelligence service (GRU) and a hacker group known as APT28 (also called Fancy Bear). This group, identified by experts as being part of the GRU's unit 26165, is believed to be behind cyberespionage and sabotage campaigns targeting France during this period.
This is a first for Paris: never before had the French state publicly accused Moscow based on its own intelligence. While APT28 was already well known to Western agencies and subject to EU sanctions, France is now taking a step further by publicly naming it as the perpetrator of these malicious attacks. The attack method used, a tool called “Sandworm”, was mentioned as being linked to APT28. In other words, authorities believe that Sandworm and Fancy Bear operate in coordination — two sides of the same threat driven by the GRU.
Cyberattacks Targeting Sensitive French Interests
Between 2015 and 2017, several sensitive French entities were targeted by these hostile operations. Among the targets were leading public institutions – including the Ministry of Armed Forces – as well as media outlets and strategic organizations. The French Foreign Ministry cites the 2015 sabotage of TV5Monde as an example, a major cyberattack that paralyzed the broadcaster for hours. At the time, the attackers falsely claimed to belong to a terrorist group affiliated with ISIS, but the investigation gradually pointed to a Russian origin.
Another key incident: the hacking of Emmanuel Macron’s presidential campaign in 2017, known as “Macron Leaks.” Thousands of internal emails and documents from the candidate’s team were stolen and leaked online just days before the runoff election. According to French authorities, this destabilization campaign — combining data leaks and disinformation — was also orchestrated by APT28. The presumed goal was to influence public opinion and sow doubt, although it ultimately failed to alter the electoral process. These two attacks (TV5Monde in 2015 and Macron Leaks in 2017) exhibit a common modus operandi attributed to the GRU, reinforcing the official attribution to Russia.
A Strong Diplomatic Response from Paris
In response to these acts, France's reaction is firm and unequivocal. Paris strongly condemns these cyberattacks, describing them as “unacceptable destabilizing activities, unworthy of a permanent member of the United Nations Security Council.” This wording, used in the official statement, highlights how seriously France views these digital intrusions. Additionally, the Ministry of Foreign Affairs recalls that these actions violate the UN-established norms of responsible state behavior in cyberspace — norms to which Russia has itself subscribed.
In this tense diplomatic context, France demonstrates its determination to hold Russia publicly accountable for its malicious actions. Alongside its international partners, it intends to use all available means to anticipate, deter, and respond to such cyberespionage operations in the future. Paris is thereby aligning with a broader movement condemning state-sponsored cyberattacks: several Western allies have already denounced APT28’s actions in recent years, and the European Union has even imposed sanctions on GRU members involved in past attacks. France is now clearly drawing a red line on cyberespionage and digital sovereignty, sending an unmistakable message to Moscow.
DATIVE’s Expertise Against State-Sponsored Threats
Faced with this type of state-origin threat, organizations must strengthen the security of their IT and OT environments, which are often interconnected and therefore vulnerable. DATIVE supports essential and important entities in developing robust cybersecurity strategies, combining consulting, solution integration, and risk management. Our expertise allows for effective anticipation, detection, and response to the most advanced attacks.
To learn more about DATIVE's IT and OT cybersecurity services, visit: https://www.dative-gpi.com/en/industrial-cybersecurity
News
The Military Programming Law (LPM) constitutes a central legislative framework for defense and security policies in France. Adopted every five to seven years, it sets the main strategic orientations, financial means, and operational priorities of the French armed forces. The latest version in force, LPM 2024-2030, includes strengthened provisions for cybersecurity, a national priority in the face of the rapid evolution of digital threats. In this article, we will explore the foundations of the LPM, its main provisions, and its impact on industrial cybersecurity, a key area for critical infrastructure and national sovereignty.
The Cyber Resilience Act (CRA), recently adopted by the European Union on March 12, 2024, marks a decisive turning point in the fight against cyber threats facing our increasingly digital society. This regulation aims to establish a robust framework to ensure the cybersecurity of digital products and services by imposing strict requirements on manufacturers, importers, and distributors. By integrating security standards from the design stage of products, the CRA aims to protect not only businesses but also consumers, thereby strengthening trust in the digital economy.
The General Security Regulation for Information Systems (RGS) is a normative framework established to ensure a high level of security for the information systems of French public administrations. Version 2 (RGS V2), the latest update, strengthens this objective by incorporating technical and organizational evolutions tailored to current threats. This article offers a comprehensive overview of the standard, its key requirements, practical applications, and its critical role in the field of industrial cybersecurity, including within essential sectors such as industry.
Industry 4.0 is transforming production processes through connected technologies. This evolution enhances the efficiency and flexibility of industrial chains. However, industrial systems are exposed to new threats, highlighting the challenges of industrial cybersecurity. In 2024, 43% of French organizations experienced at least one successful cyberattack. These attacks aim to disrupt operations, steal data, or compromise the security of critical infrastructures. In the face of these growing risks, implementing appropriate cybersecurity strategies becomes essential. This article outlines the main industrial cybersecurity challenges. It presents the risks, impacts, and solutions to strengthen the security of industrial infrastructures.
Critical infrastructures are essential to the smooth running of our modern societies. A failure or targeted attack against these systems could have disastrous consequences. From major economic disruption to threats to public safety. Given the increase in cyber-attacks targeting these infrastructures, industrial cyber-security plays a central role in protecting them. It is based on a set of strict standards and regulations. These aim to strengthen the resilience of industrial systems in the face of digital threats. This report describes the cybersecurity challenges facing critical infrastructures and the main threats they face. It also describes the technical solutions put in place to ensure their protection.