France uncovered cyberattacks by GRU hackers on strategic objects.
France accused GRU hackers from the APT28 (Fancy Bear) group of attacks on its critical infrastructure.
According to CERT-FR's report for the period from 2021 to 2024, the following objects were attacked:
- ministries, local authorities, and government institutions;
- defense industry organizations (DTIB);
- aerospace enterprises;
- research institutions and analytical centers;
- organizations in the economic and financial sectors.
Targets of attacks in 2024
In 2024, the main targets of the attacks became government, diplomatic, research institutions, and analytical centers, including French state structures.
The attackers from APT28 initially conducted phishing campaigns, leveraging vulnerabilities, including 'zero days', as well as email attacks through password guessing.
Examples of attacks
Attacks on Roundcube mail servers via phishing.
Attackers from APT28 sent phishing emails to users working with the Roundcube mail server. The emails contained links or malicious code that exploited server vulnerabilities. The goal of the attack was to gain access to the contents of mailboxes, including emails, contacts, and confidential data, as well as to find new targets for further attacks.
2023 campaigns via free web services.
APT28 sent phishing emails with links to free hosting service domains InfinityFree. Users downloaded a ZIP archive that contained the malicious program HeadLace. This program collected credentials such as logins and passwords, system information, and installed a task scheduler for persistent access.
Campaign using OceanMap Stealer.
Hackers used an enhanced version of OceanMap Stealer - malicious software for data theft. This software used the IMAP protocol to extract saved credentials from browsers and send this data to criminals through encrypted channels.
Phishing attacks on users of UKR.NET, Yahoo, ZimbraMail, and Outlook Web Access.
Users received phishing emails with links to fake login pages for the aforementioned services in order to obtain their logins and passwords.
This CERT-FR research confirms France's accusations regarding hacker attacks from GRU and the APT28 group. The attacks on France's critical infrastructure aimed to gain access to confidential data and enrich the database with new targets for future attacks. This highlights the importance of ensuring cybersecurity and protecting information in the country.
Read also
- Wheat Prices Surge After Ukrainian Drones Halt Shipping in the Sea of Azov
- Over Half a Million Russians Declared Bankrupt as Economy Cracks Under Pressure
- Ukraine’s Inflation Trend Shifts: Fuel Costs Drop While Service Prices Climb
- Fear of a New Mobilization Wave Drives Russians to Mass-Buy Property Abroad
- Moscow Admits Fuel Shortage for First Time Amid Drone Strikes: Long Lines at Gas Stations and Crisis Affecting 50 Million Russians
- World Bank Disburses $3.35 Billion to Ukraine: Here’s How the Funds Will Be Used

