Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Russian State Hackers Target French Government for Espionage

Midnight Blizzard Compromised Government Staff Emails for the Attack, French ANSSI Said
Russian State Hackers Target French Government for Espionage
The French cybersecurity agency warned that Russia hackers have targeted government agencies. (Image: Shutterstock)

A Russian foreign intelligence hacking group attempted to target the French Foreign Ministry using compromised emails of government staffers, the French cyber agency said.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

The French National Agency for Information Systems Security or ANSSI on Wednesday said Russian state hackers attempted to infiltrate the networks of the French Ministry of Foreign Affairs using compromised emails belonging to staff at the Foreign French Ministry of Culture and the National Agency for Territorial Cohesion.

Midnight Blizzard, also known as Cozy Bear and APT29 and previously tracked by Microsoft as Nobelium, operates out of the Foreign Intelligence Service or SVR.

The group poses a "national security concern" to French and European diplomatic interests, the agency said. In May, Germany disclosed its political leaders were targeted by the group for espionage (see: Phishing Attacks Targeting Political Parties, Germany Warns).

The ANSSI warning comes as France cyber defenders prepare for a likely onslaught of state-sponsored hacking and disinformation linked to the late July start of the 2024 Summer Olympics in Paris (see: Russian Cyberthreat Looms Over Paris Olympics).

From February to May 2021, Russian state hackers used compromised ministry and ANCT email accounts to conduct phishing campaigns, sending out malicious attachments with a bait file labeled "Strategic Review." If the victims opened the file, the attackers attempted to install a Cobalt Strike tool, the agency said.

The phishing campaign led ANSSI to conclude the Russian hackers were unable to move laterally into government systems.

Although the campaign preceded the Russian invasion of Ukraine, the agency said the attack aligns with the Russian intelligence gathering operations. After the Ukrainian invasion, the attackers used similar phishing campaigns to target French embassies in Ukraine and Romania, it said.

Those phishing emails used themes such as the shuttering of the Ukrainian embassy or the appointment of new ambassadors to lure the victims to open malicious email attachments.

"ANSSI has observed a high level of activities linked to Nobelium against the recent backdrop of geopolitical tensions, especially in Europe, in relation to Russia's aggression against Ukraine," the agency said, adding that the group is relying on cyberespionage to "strengthen their offensive capabilities" and to shape their future operations.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.