Russian Military Intelligence Unit Linked to Major Hacks: Paris
Paris has accused Russia’s Fancy Bear group of orchestrating cyberattacks against entities that are actively involved in French society.
French officials stated that a clandestine unit from Russia’s military intelligence, the GRU, is linked to multiple hacking incidents since 2021.
“In cyberspace, France monitors, obstructs, and combats its adversaries.”
Furthermore, France’s Ministry for Europe and Foreign Affairs disclosed the identity and location of a GRU unit contributing to APT28, referred to as Unit 20728.
In its statement, the ministry noted that since 2021, this attack methodology has been employed to compromise a dozen French institutions.
These institutions are significant players in French society, including public services, private enterprises, and a sports organization connected to the 2024 Olympic and Paralympic Games.
The ministry remarked that this same “modus operandi” was previously utilized by the GRU in the 2015 sabotage of the TV5 Monde television network.
The station’s Facebook page displayed a warning to French troops to avoid the “Islamic State.”
ID cards belonging to relatives of French soldiers involved in anti-IS operations were also published.
Authorities mentioned that the same unit attempted to undermine the French electoral process in 2017.
France is currently on its highest security alert for the Olympics.
In preparation for the games, French Interior Minister Gerald Darmanin warned about the potential for terrorist attacks from Islamic extremists and Iranian-backed pro-Hamas factions.
“Many European partners have also been victims of APT28 in recent years,” the ministry added.
“These destabilizing activities are unacceptable and unworthy of a permanent member of the UN Security Council.
“They contradict the United Nations standards on responsible state behavior in cyberspace, which Russia has formally accepted.”
France’s National Information Systems Security Agency released a report on Wednesday on the threat posed by APT28, intended to help thwart potential future attacks.
The report highlighted that APT28 operators execute “phishing campaigns” designed to deceive individuals into divulging sensitive information like passwords, credit card numbers, or personal details.
Additionally, it noted that the operators utilize “brute-force attacks,” especially against webmail platforms, while taking advantage of vulnerabilities.
The hacking group has been active since at least 2004, and its tactics are frequently employed against government and military organizations, as well as the defense, energy, and media sectors, particularly across Europe and North America.
According to a report from France’s National Cybersecurity Agency (ANSSI), released in March, there were 4,386 security issues recorded in 2024, marking a 15 percent increase from the previous year.
This surge was mainly linked to entities identified as having ties to Russia and China, with the report stating, “2024 experienced a rise in attacks aimed solely at destabilization, primarily conducted by hacktivist groups.”
The Epoch Times reached out to Russia’s embassy in Paris for commentary but did not receive a response by the time of publication.
Chris Summers contributed to this report.