System hacked warning on screen showing cyber attack on news agency

Cyber Attack Hits French Leading News Agency AFP

French news agency Agence France-Presse (AFP) suffered a cyber attack that disrupted its content delivery infrastructure and file transfer systems.

Paris-based AFP won the 2020 and 2021 “Best News Agency” award by the Association of International Broadcasters (AIB). It operates English, French, Arabic, Portuguese, and Spanish news channels and employs over 2,400 people in 150 countries.

AFP said it was working to restore impacted systems and has engaged French cybersecurity agency ANSSI and law enforcement authorities to respond and investigate the incident.

“AFP’s technical teams are working on the incident with the support of the French National Agency for IT Systems Security (ANSSI). The relevant authorities in France have been notified,” the agency stated.

Nonetheless, the leading French media outlet says the cybersecurity incident did not affect its core news coverage systems, and its multi-language newsrooms continued to operate normally.

French news agency AFP compromised using FTP credentials

While the threat actor remains unknown, the French news agency’s technical teams found that some clients’ FTP credentials were used in the cyber attack.

Subsequently, the French news agency has urged its clients to reset their login credentials to secure their accounts and terminate the threat actor’s access.

However, AFP’s multi-language newsrooms continued their operations normally without interruption, suggesting that the cyber attack was limited to the news agency’s backend content delivery infrastructure.

Separate from the core reporting systems, content delivery systems provide real-time news feeds that can be integrated into various information products, content subscriptions, and custom news packages for niche markets.

The motive for the AFP cyber attack remains unknown although data theft, extortion, and disruption of operations are possible reasons. However, news outlets are also potential targets for state-sponsored cyber attacks, although no evidence suggests that this was the case.

AFP, Reuters, France 24, and other French media outlets have persistently fought Russia’s disinformation aimed at undermining their country’s unwavering support for Ukraine, thus making themselves a likely target for Russian hacktivists and state-backed hackers.

The Paris-based news agency is hardly the first to experience a cyber attack. In December 2022, the UK’s leading news agency The Guardian suffered a ransomware attack that disrupted operations and leaked employee data.

France is under immense cyber pressure

While no evidence suggests that Russia was involved, France has earned itself a spot on the list of top targets for Russian-linked cyber attacks since NATO’s arch-nemesis invaded Ukraine in 2022.

In 2023, France observed a 30% increase in ransomware attacks against key sectors such as energy and healthcare. The wave continued in 2024, with the EU and NATO member experiencing numerous high-profile attacks on its critical infrastructure, including healthcare systems and government services.

Notable cyber attacks include the French unemployment agency Pôle Emploi’s leak that impacted 43 million people, the Viamedis and Almerys data breaches, impacting 33 million individuals, and the Olympic Games venue Grand Palais Réunion des musées nationaux (Rmn) cyber attack.

In March 2024, the French Prime Minister’s Office said various government departments experienced cyber attacks “whose technical methods are conventional but the intensity unprecedented.”