CyberSecurityBoard
Sponsor Register Login

France ties Russian APT28 hackers to 12 cyberattacks on French orgs

In a separate report published today, the French National Agency for the Security of Information Systems (ANSSI) says the list of French organizations attacked by APT28 military hackers includes ministerial entities, local governments, and administrations, organizations in the French Defence Technological and Industrial Base, aerospace entities, research organizations, think-tanks, and entities in the economic and financial sector. Today, the French foreign ministry blamed the APT28 hacking group linked to Russia's military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. "France condemns in the strongest terms the use by the Russian military intelligence service (GRU) of the APT28 attack procedure, which has led to several cyber attacks against French interests," a statement released on Tuesday says. ANSSI also highlighted several notable APT28 campaigns since 2021, including ones repeatedly targeting Roundcube e-mail servers and several others using free web services for phishing attacks. In July 2018, the United States charged multiple APT28 members for their involvement in the DNC and DCCC attacks, while the Council of the European Union also sanctioned the threat group in October 2020 for the Bundestag hack. Since the start of 2024, APT28's attacks have primarily focused on stealing "strategic intelligence" from governmental, diplomatic, research organizations, and think tanks from France, Europe, Ukraine, and North America. APT28's list of previous victims includes the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC) before the 2016 U.S. Presidential Election and the breach of the German Federal Parliament (Deutscher Bundestag) in 2015. The same week, NATO, the European Union, and international partners also formally condemned a long-term APT28 espionage campaign against multiple European countries, including Germany and the Czech Republic. Last year, Poland said that APT28's military hackers had targeted multiple Polish government institutions in a large-scale phishing campaign. ​Since it was first spotted more than 20 years ago, the Russian state-backed hacking group (also tracked as Strontium and Fancy Bear) was linked to GRU's Military Unit 26165 and is believed to have coordinated many high-profile cyberattacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 29 Apr 2025 19:00:09 +0000


Cyber News related to France ties Russian APT28 hackers to 12 cyberattacks on French orgs

France ties Russian APT28 hackers to 12 cyberattacks on French orgs - In a separate report published today, the French National Agency for the Security of Information Systems (ANSSI) says the list of French organizations attacked by APT28 military hackers includes ministerial entities, local governments, and ...
1 month ago Bleepingcomputer.com Fancy Bear APT28
France blames Russian military intelligence for years of cyberattacks on local entities | The Record from Recorded Future News - According to French officials, APT28 — also known as Fancy Bear or BlueDelta, and long believed to be an arm of the GRU’s Unit 26165 —has been behind cyber operations affecting around ten French entities since 2021. France has accused a hacker ...
1 month ago Therecord.media Fancy Bear APT28
France says Russian state hackers breached numerous critical networks - The Russian APT28 hacking group has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. The threat group, which is considered part of Russia's military ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-23397 APT28 Cactus
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
1 year ago Bleepingcomputer.com CVE-2023-23397 CVE-2023-38831 CVE-2021-40444 APT28
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com CVE-2023-23397 Fancy Bear APT28
Poland says Russian military hackers target its govt networks - Poland says a state-backed threat group linked to Russia's military intelligence service has been targeting Polish government institutions throughout the week. According to evidence found by CSIRT MON, the country's Computer Security Incident ...
1 year ago Bleepingcomputer.com CVE-2023-23397 APT28
Who is the DOGE and X Technician Branden Spikes? – Krebs on Security - Branden Spikes California Russian Association Congress of Russian Americans Constellation of Humanity Cyberinc Department of Government Efficiency Diana Fishman Donald J. Prior to founding Spikes Security, Branden Spikes was married to a native ...
3 months ago Krebsonsecurity.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com
French government recommends against using foreign chat apps - Prime Minister of France Élisabeth Borne signed a circular last week requesting all government employees to uninstall foreign communication apps such as Signal, WhatsApp, and Telegram by December 8, 2023, in favor of a French messaging app named ...
1 year ago Bleepingcomputer.com
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com CVE-2023-38831 APT28 APT29
Russian military hackers target Ukraine with new MASEPIE malware - Ukraine's Computer Emergency Response Team is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour. APT28, aka Fancy Bear or Strontium, is a Russian state-sponsored ...
1 year ago Bleepingcomputer.com Fancy Bear APT28
French Gov. Leaks 43 Million People's Data - French public employment administration loses control of citizens' data after biggest breach in Gallic history. Hackers stole 20 years of personal data relating to job seekers from a French agency. The boss of France Travail, Alexandre Saubot, has a ...
1 year ago Securityboulevard.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
1 year ago Bleepingcomputer.com Fancy Bear APT28 Turla Volt Typhoon
Detained Russian student allegedly helped Ukrainian hackers with cyberattacks - A Russian tech student could face treason charges for helping Ukrainian hackers carry out cyberattacks against Russia. A resident of the Siberian city of Tomsk, Seymour Israfilov was detained by Russian security services in October, but little ...
1 year ago Therecord.media
Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group - The Russian cyber-espionage group known as Gamaredon may have been behind a phishing attack on Latvia's Ministry of Defense last week, the ministry told The Record on Friday. Hackers sent malicious emails to several employees of the ministry, ...
2 years ago Therecord.media
Microsoft blames Russia for ongoing hacks of 9-month-old Exchange bug - Advanced persistent threat group APT28 is behind ongoing campaigns to steal sensitive government and corporate information. The threat group is reportedly abusing unpatched instances of a Microsoft Exchange flaw patched nine months ago, according to ...
1 year ago Packetstormsecurity.com CVE-2023-23397 CVE-2023-38831 APT28
Poland says it was targeted by Russian military intelligence hackers - Russian state-sponsored hackers have targeted Polish government institutions in a recent espionage campaign, according to a new report. Poland's computer emergency response team, CERT-PL, said on Wednesday that it had observed a large-scale malware ...
1 year ago Therecord.media Fancy Bear APT28
Russian hackers wiped thousands of systems in KyivStar attack - The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's mobile and data services went down, ...
1 year ago Bleepingcomputer.com
Russian APT Used Zero-Click Outlook Exploit - A Russian state-sponsored threat actor tracked as APT28 has been exploiting a zero-click Outlook vulnerability in attacks against dozens of organizations in NATO countries, cybersecurity firm Palo Alto Networks reports. Tracked as CVE-2023-23397, the ...
1 year ago Securityweek.com CVE-2023-23397 CVE-2023-29324 Fancy Bear APT28
Privacy tech firms warn France’s encryption and VPN laws threaten privacy - The first case concerns a proposed amendment to France's "Narcotrafic" law, which would compel providers of encrypted communication services to implement backdoors, enabling law enforcement to access decrypted messages of suspected criminals within ...
3 months ago Bleepingcomputer.com
Ukraine says it hacked Russian aviation agency, leaks data - Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for ...
1 year ago Bleepingcomputer.com
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
1 year ago Bleepingcomputer.com APT29
Russian hackers stole Microsoft corporate emails in month-long breach - Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The company detected the attack on January 12th, with Microsoft initiating its ...
1 year ago Bleepingcomputer.com APT29
HPE: Russian hackers breached its security team's email accounts - Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. Midnight ...
1 year ago Bleepingcomputer.com Cozy Bear APT29

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)