According to French officials, APT28 — also known as Fancy Bear or BlueDelta, and long believed to be an arm of the GRU’s Unit 26165 —has been behind cyber operations affecting around ten French entities since 2021. France has accused a hacker group controlled by Russia’s military intelligence agency (GRU) of orchestrating a series of cyberattacks against French institutions over several years. In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28. APT28, active since at least 2004, has previously been linked to the 2015 attack on French television channel TV5Monde and efforts to disrupt France’s 2017 presidential election. The group reportedly relies on low-cost, easily accessible infrastructure like rented servers and VPNs to evade detection and complicate attribution, according to a report by France’s state cybersecurity agency (ANSSI). In May 2024, Berlin accused APT28 of targeting German defense and aerospace companies, political institutions and similar entities in other countries. Beyond France, the group has targeted military, government and media institutions across Europe and the U.S., using tactics such as phishing, brute-force attacks and zero-day exploits. APT28 continues to play an important role in Russia’s cyber operations against Ukraine and its allies. France’s decision to go public with the accusations comes amid heightened geopolitical tensions and growing concern over Russia’s ongoing invasion of Ukraine. Earlier this week, Russian President Vladimir Putin announced a so-called "humanitarian" truce in Russia's war against Ukraine to mark the 80th anniversary of the end of World War II in Europe. The European Union has imposed sanctions on individuals and entities tied to APT28’s campaigns, citing their efforts to compromise critical infrastructure and undermine democratic institutions. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. “This type of destabilizing activity is unacceptable and unworthy of a permanent member of the UN Security Council,” the ministry said, accusing Russia of violating international norms of responsible behavior in cyberspace. Last May, APT28 allegedly conducted a large-scale espionage campaign targeting Polish government institutions through a widespread malware operation. President Emmanuel Macron said on Tuesday that Western allies plan to intensify pressure on Moscow over the next 10 days in a bid to force a ceasefire in Ukraine. France said it remains committed to working with partners to detect, deter and respond to malicious cyber activity linked to Russia.
This Cyber News was published on therecord.media. Publication date: Tue, 29 Apr 2025 16:56:06 +0000