France has directly accused Russia’s military intelligence of orchestrating years of cyberattacks against its institutions, revealing that Moscow’s digital warfare has increased by 15% in the past year alone.
Key Takeaways
- France has officially attributed cyberattacks against government ministries, defense companies, and think tanks to Russia’s military intelligence agency (GRU) and its hacker group APT28.
- The attacks, traced to Rostov-on-Don in Russia, have targeted approximately ten French entities since 2021, including attempts to undermine Emmanuel Macron’s 2017 presidential campaign.
- Russian-linked cyber incidents in France have increased to approximately 4,000 in 2024, representing a 15% rise from the previous year.
- This unprecedented public accusation comes amid heightened tensions with Russia and follows similar allegations from Germany and Britain about Russian sabotage activities in Europe.
Russian Military Intelligence Behind Years of Attacks
In an unprecedented move, the French government has directly accused Russia’s military intelligence agency, the GRU, of conducting systematic cyberattacks against French institutions since 2015. France’s foreign ministry specifically called out the GRU-linked hacker group APT28, also known as Fancy Bear or BlueDelta, for targeting government bodies, defense corporations, and policy institutes. This marks the first time France has publicly attributed specific cyber operations to Russia, signaling a strategic shift in how Western democracies are responding to digital aggression from hostile states.
The accusations detail that APT28, operating from “Rostov-on-Don in Russia”, has targeted around ten French entities since 2021, using sophisticated techniques while relying on relatively low-cost infrastructure like rented servers and VPNs to evade detection. French officials pointed to previous high-profile attacks orchestrated by the same group, including the 2015 attack on French TV station TV5Monde and significant interference in France’s 2017 presidential election, where the group worked to undermine Emmanuel Macron’s candidacy through information warfare tactics.
Escalating Digital Threats and International Norms
The French National Cybersecurity Agency (ANSSI) reported approximately 4,000 cyber incidents linked to Russian actors in 2024 alone, representing a disturbing 15% increase from the previous year. This surge highlights Russia’s continued investment in cyber warfare capabilities despite international condemnation and sanctions. France’s foreign ministry explicitly condemned these activities as “unacceptable for a permanent member of the UN Security Council,” arguing that they violate international norms of responsible behavior in cyberspace.
The timing of France’s accusations is particularly significant given broader geopolitical tensions surrounding Russia’s invasion of Ukraine. President Macron recently announced plans to increase pressure on Moscow to force a ceasefire in Ukraine, and these cyber revelations appear to be part of a coordinated Western strategy to expose Russian aggression across multiple domains. The European Union has already sanctioned individuals and entities linked to APT28 for compromising critical infrastructure and undermining democratic institutions throughout Europe.
Part of a Broader Pattern of Russian Aggression
France’s accusations follow similar allegations from Germany and Britain about – “Russian” sabotage activities across Europe, including reports of Russia planting incendiary devices on aircraft. This suggests a concerning pattern of Russian hybrid warfare tactics targeting Western democratic nations. The GRU’s APT28 unit has been documented operating aggressive cyber campaigns against Ukraine and its allies, with previous formal accusations from Germany and other European states identifying similar patterns of attack.
French officials have emphasized their commitment to collaborating with international partners to address malicious cyber activities linked to Russia. This public attribution represents a strategic shift away from the traditional reluctance of governments to directly accuse nation-states of cyber operations. By naming Russia’s GRU specifically, France signals both a hardening stance toward Russian aggression and a recognition that maintaining silence about such attacks no longer serves national security interests when facing an adversary operating with increasing boldness in the digital domain.
