Alert symbol showing cyber attack on French municipalities

A Massive Cyber Attack Disrupts Operations Across Numerous French Municipalities

A “large-scale cyber attack” has taken down local government services in several French municipalities since the night of Tuesday, April 9. Local media reported that municipal workers who reported to work on Wednesday were instructed not to switch on their computers or use other devices.

The cyber assault targeted shared servers, disrupting services across Saint-Nazaire, Montoir-de-Bretagne, Donges, La Chapelle-des-marais, Sonadev, and Pornichet. It took down business systems, email, and phone lines, forcing the impacted local authorities to communicate via social media and websites.

“Sonadev is also affected and our teams have neither access to their messaging nor to their documents and workspaces,” Sonadev authorities said.

According to a statement posted on the City of Saint-Nazaire and Saint-Nazaire Agglomeration website, “The services of the two communities cannot operate normally.”

No end in sight as French municipalities work to restore services

Cybersecurity teams across the impacted French municipalities are working relentlessly to mitigate the impacts of the cyber attack. The French cybersecurity agency ANSSI is also responding to the incident.

However, officials who described the attack as ongoing have warned that restoring the impacted systems could take months. Subsequently, residents of the affected French municipalities should plan for delayed services, with the City of Saint-Nazaire listing impacted services on its website.

“Faced with this unprecedented and large-scale aggression which attacks the public service, the teams are keeping a cool head and rising to the challenge,” said Mayor David Samzun of the City of Saint-Nazaire and President of the Agglomeration. “All teams are at work to allow the gradual resumption of services to users as quickly as possible. The days to come will allow us to say when and how.”

It remains unclear if the impacted French municipalities have leaked any sensitive information. However, Mayor Samzun has warned that the incident could have “significant consequences.”

“It is not yet possible to measure the exact extent of the cyber-attack or to determine precisely whether personal data was stolen by the hackers,” the Saint-Nazaire website stated.

Residents of the impacted French municipalities should remain vigilant for potential phishing attacks, which could result in personal information exposure.

So far, local authorities have not disclosed the nature of the incident, and no hacking group has claimed responsibility for the massive cyber attack on French municipalities.

“At this stage, the origin of the cyber attack is unknown, as is the duration of the blockage,” Saint-Nazaire City and Agglomeration officials said.

France is a popular target for cyber attacks with a history of massive data breaches

France is a popular target of cyber attacks by Kremlin-backed hackers, pro-Russian and anti-West hacktivists, and other organized cybercrime groups.

In January, the French city of Brittany suffered a ransomware attack that disrupted community services for significant periods.

Similarly, on March 11 and 12, French government websites experienced a wave of DDoS attacks by the Killnet-linked Anonymous Sudan hacktivist group. However, the attack came short of its objectives when it failed to disrupt government services.

French privacy regulators also discovered a massive trove of information collected from 43 million citizens circulating on the darknet. The data leak affected France Travail, the French social welfare department, and exposed citizens’ personally identifiable information (PII) going back two decades. That data leak exposed names, social security numbers, dates of birth, postal addresses, email addresses, and other details.

French third-party payment providers Viamedis and Almerys leaked personal data belonging to over 33 million individuals.

France also faces a persistent cyber threat from Russian hackers for its role in NATO and the Ukraine conflict.

French President Emmanuel Macron and ANNSI director Vincent Strubel recently sounded alarm over potential pro-Russian cyber attacks during the Paris Olympics.

The threat arises from the possibility of pro-Russian hackers targeting the sporting event to send a message in response to France’s support for Ukraine and a ban on flying Russia’s flag during the Olympics.

“Before and during the Olympics, French authorities should prepare for a surge of cyber-attacks that will probably greatly vary in sophistication, impact, and underlying goals,” said Dr. Ilia Kolochenko, CEO at ImmuniWeb. “Script kiddies and newbies from hostile countries may apply their basic skills to massively attack the most unprotected targets, like websites of small municipalities that don’t even have an IT budget, let alone a cybersecurity one.”

Kolochenko also warned that sophisticated nation-state actors could exploit the Olympics to target critical national infrastructure while the overwhelmed French cyber authorities focus on securing the sporting event.

“On the other side, while French law enforcement agencies are overloaded with Olympics’ security, nation states and professional cyber mercenaries may well try to exploit the distraction and ballooning shortage of resources to compromise governmental and military systems to damage critical national infrastructure (CNI) or steal top-secret information,” said Kolochenko.

He requested the French government to “urgently allocate additional resources to the understaffed agencies to reduce the risk of a major, nation-wide cyber incident.”

Meanwhile, France’s cybersecurity officials are closely working with their American counterparts to counter Olympic-related cyber threats, including those from state-sponsored actors.