Russian Hackers Target French Government Emails, ANSSI Alerts

Summary:
A Russian state-sponsored hacking group known as Midnight Blizzard, also referred to as Cozy Bear or APT29, has targeted the French Ministry of Foreign Affairs using compromised emails from government staffers. The French National Agency for Information Systems Security (ANSSI) revealed that the hackers attempted to infiltrate networks by exploiting emails from the Ministry of Culture and the National Agency for Territorial Cohesion. This cyber espionage poses a significant national security threat to French and European diplomatic interests.
The group has a history of targeting political entities, including recent attacks on German political leaders. The ANSSI warning comes ahead of the 2024 Summer Olympics in Paris, where increased state-sponsored hacking and disinformation campaigns are anticipated. From February to May 2021, the hackers conducted phishing campaigns using compromised emails to deploy malicious attachments, aiming to install the Cobalt Strike tool. However, they failed to gain deeper access to government systems.
This cyber activity aligns with Russian intelligence efforts, which have intensified following the invasion of Ukraine. The hackers have continued similar phishing tactics targeting French embassies in Ukraine and Romania, using geopolitical themes to lure victims. ANSSI notes a high level of activity from Nobelium amidst the ongoing geopolitical tensions in Europe, emphasizing the group’s reliance on cyberespionage to enhance their offensive capabilities.