Published: Apr 2, 2024


Cyber attacks on France since 2023

The European Repository of Cyber Incidents tracks major cyber attacks across Europe and beyond. In this chart of the week, Surfshark’s Research Hub looks at cyber attacks targeted at France since 2023 — there were 44 cases (an average of 3 per month). Keep reading to find out more details.

Key insights

  • 8 of the 44 attacks were found to have been initiated or backed by at least one state actor. For 5 of those, Russia was identified as the initiator. One of the recent Russia-linked incidents was the infection of a nature protection agency in Île-de-France with ransomware by the group LockBit.¹ The other countries identified as being initiators of incidents in France were China, Iran, North Korea, and Bangladesh.
  • Two incidents stood out as the most impactful, with an impact rating of 5 out of 15 (the average rating of all 44 incidents in France was 3).² In January of 2024, ransomware was used to infect and blackmail energy company Schneider Electric, leading to terabytes of stolen data.³ The other incident was a ransomware attack on the commune of Betton.⁴
  • 27 of the 44 incidents affected critical infrastructure in France. For example, on February 7th 2024, the French postal service La Poste and a bank called Crédit Agricole were targets of a DDoS attack.⁵ The next most frequently affected sector was state institutions, which were impacted by 20 incidents. An example of this was the targeting of the Interministerial Digital Directorate of France in March 2024 by a hacktivist group that used a DDoS attack to take down their website.⁶ France also saw incidents affecting corporate entities, education entities, media, and international organizations.
  • The most common type of incident was hijacking with misuse (when an unauthorized actor gained privileged access to a system and then caused other issues). For example, in March of 2024, government agency France Travail was hacked, and the data of up to 43M past or current job-seekers was stolen.⁷ The second most frequent type of incident was disruptions (which can be the result of hijacking), recorded 28 times. Disruptions happen when the hostile actor suspends or disables the targeted organization’s normal operations. Other incident types seen since 2023 were data theft, ransomware, doxing, and hijacking without misuse.

Methodology and sources

Data on cyber incidents in France (between February 1st 2023 and March 17th 2024) was collected from the European Repository of Cyber Incidents on March 17th, 2024. The sampled time frame was chosen to ensure that EuRepoC’s data collection is standardized for the analyzed period, given that they made a change in data collection starting February of 2023. Data was aggregated per month: risk scores were averaged across all incidents in each month, and initiating countries were noted. The number of times specific sectors were targeted and the number of incidents of each type were calculated as well.

As reported by the European Repository of Cyber Incidents, as more information becomes available, certain incidents can get updated. For example, cases where the threat actor or initiating country is currently unknown can be updated as investigations conclude and information becomes public.

Note on data: A single incident can affect several sectors (e.g., in exploiting a specific software vulnerability, nefarious actors can use the same attack on several entities if these use the same software) and a single incident can have several types (e.g., hijacking with misuse can coexist with data theft).

For the complete research material behind this study, visit here.

Data was collected from:

European Repository of Cyber Incidents (2024). Cyber Incident Dashboard - France.

References:

¹ Jonathan Greig (2023). The Record. Montreal electricity organization latest victim in LockBit ransomware spree.
² EuRepoC (2024). Methodology.
³ Lawrence Abrams (2024). BleepingComputer. Energy giant Schneider Electric hit by Cactus ransomware attack.
⁴ Krystel Veillard (2023). France Info. Cyberattaque contre des mairies : un phénomène lourd de conséquences pour les collectivités.
⁵ Léo Aguesse (2024). Le Parisien. Crédit agricole : le site et l’application mobile paralysés plusieurs heures par une cyberattaque.
⁶ Pierluigi Paganini (2024). Security Affairs. Massive cyberattacks hit French government agencies.
⁷ Le Monde Informatique (2024). Une cyberattaque sur France Travail compromet 43 millions de comptes.