Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label France. Show all posts
France
Bank Data Bank Security Banking Cyberattack Cyber Attacks DDoS DDOS Attacks France

France Postal and Banking Services Disrupted by Suspected DDoS Cyberattack

 

France’s national postal and banking services faced major disruption following a suspected distributed denial-of-service (DDoS) attack that affected key digital systems. La Poste, the country’s postal service, described the incident as a significant network issue that impacted all of its information systems, forcing the temporary suspension of several online services. The disruption affected both postal and banking operations at a national level. 

As a result of the incident, La Poste’s website, mobile application, online mail services, and digital banking platforms were taken offline. While online access was unavailable, the company stated that customers could still carry out postal and banking transactions in person at physical locations. The outage caused inconvenience for users who rely on digital services for routine tasks such as checking account balances, paying bills, or managing mail. 

La Banque Postale, the banking subsidiary of La Poste, also confirmed the cyber incident. The bank reported that the attack temporarily prevented customers from accessing its mobile banking app and online banking services. Both La Poste and La Banque Postale said technical teams were actively working to restore services, although no clear timeline for full recovery was provided.  

A Russian hacktivist group claimed responsibility for the attack, but French authorities have not confirmed who was behind it. Officials have not publicly attributed the incident to any specific group and continue to investigate the source and method of the attack. This uncertainty highlights the broader challenge of identifying and verifying perpetrators behind DDoS attacks, which are often difficult to trace due to their distributed nature. 

The disruption at La Poste comes amid a wider series of cybersecurity concerns in France. In recent weeks, the French government has dealt with multiple digital security incidents, including the discovery of remotely controllable software reportedly planted on a passenger ferry. These events have raised concerns about the security of critical infrastructure and essential public services. 

In a separate incident, the French Interior Ministry disclosed a data breach involving unauthorized access to email accounts and the theft of sensitive documents, including criminal records. Authorities later announced the arrest of a 22-year-old suspect in connection with that breach, though no name was released. It remains unclear whether the attack on La Poste is linked to this or other recent cybersecurity incidents. French officials have not indicated whether the recent attacks share common origins or motives. 

However, the growing number of incidents has increased scrutiny of national cybersecurity defenses and intensified concerns about the rising frequency and impact of cyberattacks on vital public services.
Read more »
Sensitive Information
Data Breach France Military NATO Naval Group Sensitive Information

Hackers Breach French Military Systems, Leak 30GB of Classified Data

 




A hacker group has claimed responsibility for a cyberattack targeting France’s state-owned Naval Group, one of the country’s most important military shipbuilders. The attackers say they have already released 30 gigabytes of information and are threatening to publish more, claiming the stolen files include highly sensitive military details.

Naval Group designs and builds advanced naval vessels, including France’s nuclear-powered Suffren-class submarines and the nation’s only aircraft carrier, the Charles de Gaulle. The company plays a key role in France’s defense capabilities and is a major supplier to NATO allies.

According to the hackers’ statement on a dark web platform, the stolen material includes information on submarines, frigates, and possibly source code for submarine weapon systems. They allege they hold as much as one terabyte of data and have given the company 72 hours to confirm the breach.

Naval Group has rejected the claim that its internal networks were hacked. In a statement, the company said it “immediately launched technical investigations” after the material appeared online and described the incident as a “reputational attack”— suggesting the goal may be to damage the company’s public image rather than disrupt operations. The firm stressed that so far, there is no evidence of unauthorized access to its systems or any impact on its activities.

The leaked 30GB of files, if authentic, could contain sensitive information related to France’s nuclear submarine program, which is central to the country’s national security strategy. Naval Group, which is nearly two-thirds owned by the French government, employs over 15,000 people and generates annual revenues exceeding €4.4 billion.

Cybersecurity experts note that military contractors worldwide have increasingly become targets for cyberattacks, as they store valuable data on defense technology. The case comes shortly after other high-profile breaches, including Microsoft’s confirmation that certain vulnerabilities in its SharePoint servers remained exploitable, and an intrusion at the U.S. National Nuclear Security Administration, which oversees America’s nuclear arsenal.

Naval Group says all of its technical and security teams are currently working to confirm the authenticity, origin, and ownership of the published data. Investigations are ongoing, and French authorities are expected to monitor the situation closely.

Read more »
Naval Group
Data Breach Data Leak France Hacker Forum Naval Group

French Defense Shipbuilder Naval Group Probes 1TB Data Breach

 

France’s state-owned defense firm Naval Group is investigating a major cyberattack after 1TB of allegedly sensitive data was leaked on a well-known hacking forum. The company, which designs and builds naval vessels, described the incident as an attempt at destabilization and a reputational attack, not a confirmed breach. Naval Group quickly involved cybersecurity specialists and French authorities, launching a thorough investigation to verify the authenticity and origin of the leaked data. 

The threat actor, going by the alias ‘Neferpitou’, initially posted a 13 GB data sample as proof and issued a 72-hour ultimatum to Naval Group for negotiations before publishing the full dataset. The leaked material reportedly contains classified information such as combat management systems for military vessels, technical documentation, and internal communications. Naval Group, however, asserts it has not detected any IT systems intrusion and operations remain unaffected. 

Naval Group is France’s leading naval defense supplier, majority-owned by the state with a global footprint that includes exports to Australia, India, Brazil, and Egypt. The company is responsible for constructing and maintaining some of France’s most sensitive assets, including submarines and aircraft carriers. The breach, if genuine, could have significant implications for national security and international defense partnerships. 

The data appeared on DarkForums, which has reportedly surged in popularity since the collapse of BreachForums, now acting as a central hub for cybercriminal activity. The incident has also sparked speculation that the leaked data might be recycled, possibly linked to a previous breach involving Thales, another key French defense player, in 2022. 

Despite the hacker’s claims and the potentially catastrophic exposure of confidential systems, Naval Group maintains that current evidence points more toward a reputational attack rather than proof of direct compromise. Investigations are ongoing, with the company committed to collaborating with authorities to resolve outstanding questions around the legitimacy and impact of the data leak.
Read more »
Telecom Firm
Cyber Crime France GSMA Online fraud Telecom Firm

French Telecom Companies Band Together to Combat Rising Fraud

 

The four leading mobile network carriers (MNOs) in France have teamed up to combat identity theft and online fraud. To help online companies fight fraud and digital identity theft, Bouygues Telecom, Free, Orange, and SFR announced on December 3 that they will introduce two network Application Programmable Interfaces (APIs) for the French market in the first half of 2025. This initiative is part of the Open Gateway system of the Global System for Mobile Communications Association (GSMA).

About GSMA

The GSMA, a trade association representing the global interests of mobile operators, was established in 1995. As of 2024, it has more than 750 members. In 2023, the GSMA launched the Open Gateway Initiative, aiming to create digital solutions that work seamlessly across devices, regardless of the nation or operator.

Since its inception, the program has onboarded 67 mobile network operators (MNOs) and 26 channel partners, representing 278 networks and covering three-quarters of global mobile connections. Developers can access these network capabilities via APIs through the CAMARA repository, an open-source initiative by the Linux Foundation.

“This aligned market launch of CAMARA APIs from France’s leading operators will make it easier to keep people safe from the growing threat of fraud. The initiative benefits businesses, mobile operators, and their customers, saving developers time, money, and effort while allowing for the quick launch of innovative new services.”

Henry Calvert, Head of Networks at the GSMA

Role of APIs in Mitigating Fraud

1. KYC Match API

Purpose: Cross-check user-provided information with verified data stored by the mobile network operator during the Know Your Customer (KYC) process.

The KYC Match API validates details such as mobile phone numbers, names, postal codes, and email addresses, without transferring any personally identifiable information (PII).

France is the first country to have all its national MNOs adopt KYC Match. Several financial institutions, including Crédit Agricole's online subsidiary BforBank and Credit Mutuel Arkéa's Fortuneo, are already utilizing this API in collaboration with DQE Software to screen new customers.

2. SIM Swap API

Purpose: Detect recent SIM card changes to prevent account takeover fraud.

This API checks if a phone number has recently had its SIM card swapped, helping financial institutions verify the relationship between a customer’s phone number and their SIM card during transactions.

Use Case: This helps prevent fraudsters from using stolen personal data and social engineering tactics to take over accounts.

“For example, at the time of a financial transaction, a financial institution can check whether the relationship between the customer’s phone number and SIM Card has been recently changed, helping them decide whether to approve the transaction or not.”

What’s Next?

Following the launch of KYC Match and SIM Swap APIs, French MNOs plan to release a third API, Number Verification, which will provide robust authentication for mobile numbers, potentially replacing SMS-based multi-factor authentication (MFA) solutions.

Key Benefits of These APIs

  • Enhanced Security: Protects users from identity theft and account takeover.
  • Operational Efficiency: Saves businesses and developers time and resources.
  • Improved Fraud Detection: Strengthens verification processes without compromising user privacy.

By adopting these APIs, French mobile carriers are setting a global benchmark for digital security and fraud prevention, making online interactions safer and more secure for businesses and consumers alike.

Read more »
Ransomware
Cyber Threats Data Breach France Paris Olympics Ransomware

Louvre and Top French Museums Fall Victim to Ransomware Attack, Including Olympic Sites

 



Over 40 museums in France, including the Grand Palais, a key venue for the upcoming Paris Olympics, and the world-famous Louvre, recently fell victim to a discernible ransomware attack. The breach, which occurred over the weekend of August 3rd, has raised concerns about the security of cultural institutions in the country.

According to police sources, the cyberattack specifically targeted a system that centralises financial data for various museums. This attack disrupted operations and led to the hackers demanding a ransom. They threatened to release sensitive financial information unless their demands were met. Although the exact amount of the ransom has not been disclosed, the incident has sparked a criminal investigation focusing on data system breaches and extortion by an organised gang.

The national cybersecurity agency of France, Anssi, confirmed that it had been notified of the breach and was actively investigating the situation. Importantly, the agency clarified that the compromised systems are not involved in any Olympic-related events, alleviating some concerns about the security of the upcoming games. The Grand Palais, which is scheduled to host fencing and martial arts during the Olympics, acknowledged that it had been affected by the attack but declined to share further details about the extent of the damage or the ongoing investigation.

Interestingly, the Louvre, initially mentioned as a potential target by the police, has since denied being impacted by the cyberattack. This denial has added a layer of confusion to the situation, as conflicting reports about the scope of the attack have emerged. Despite the Louvre's statement, the fact remains that the ransomware attack has exponentially impacted the museum sector in France, further stressing the vulnerability of even the most renowned cultural institutions to cyber threats.

Ransomware attacks have become increasingly common in recent years, where criminals infiltrate computer systems, encrypt data, and demand payment in exchange for unlocking the compromised systems. This incident highlights the expanding threat of cybercrime, even against prestigious and heavily protected targets like the Grand Palais and other prominent French museums.

As the investigation continues, French authorities are working to identify the perpetrators and prevent future attacks on the nation's cultural heritage. This incident calls for proper implementation of robust cybersecurity measures, especially as the world prepares for major international events like the Paris Olympics. 

The broader implications of this ransomware attack may push cultural institutions worldwide to reassess their digital security strategies, ensuring that their valuable assets remain protected from the growing trajectory of unique threats. 


Read more »
User Privacy
AI Surveillance France Paris Olympics Surveillance Tool Technology User Privacy

AI Surveillance at Paris Olympics Raise Privacy Concerns

 

French authorities' plans to employ artificial intelligence to scan the thousands of athletes, coaches and spectators descending on Paris for the Olympics is a form of creeping surveillance, rights groups said. 

In recent months, authorities have tested artificial intelligence surveillance equipment at football stadiums, concerts, and train stations. These devices will scan the crowds, look for abandoned packages, locate weapons, and more when the games start in late July. 

According to French officials, police, fire and rescue agencies, as well as certain French transport security agents, will employ these technologies until March 31, 2025, although they won't be fully operational until the games. 

Campaigners worry that AI spying will become the new norm. "The Olympics are a huge opportunity to test this type of surveillance under the guise of security issues, and are paving the way to even more intrusive systems such as facial recognition," Katia Roux, advocacy lead at Amnesty International France, stated. 

The French government has enlisted four companies in the effort: Videtics, Orange Business, ChapsVision, and Wintics. These organisations' security solutions track eight critical metrics: traffic going against the flow, people in restricted zones, crowd movement, abandoned packages, the presence or usage of weapons, overcrowding, a body on the ground, and fire. 

The software has been tested during concerts by Depeche Mode and the Black Eyed Peas, as well as a football match between Paris Saint-Germain and Olympique Lyon. 

Olympics: An AI playground 

French politicians have attempted to appease critics by banning facial recognition. Authorities say it's a red line that should not be crossed. 

Matthias Houllier, Wintics' co-founder, stated that the experiment was "strictly limited" to the eight use-cases mentioned in the law, and that features like crowd movement detection could not be utilised for other methods such as gait detection, which uses a person's unique walk to identify them. Wintics' design made it "absolutely impossible" for both end users and advanced engineers to utilise it for facial recognition. 

Experts are concerned that the government's methods for evaluating test performance, as well as the particular way this technology operates, have not been made public. 

"There is nowhere near the necessary amount of transparency about these technologies. There is a very unfortunate narrative that we cannot permit transparency about such systems, particularly in a law enforcement or public security context, but this is nonsense", Leufer said. 

"The use of surveillance technologies like these, especially in law enforcement and public security contexts, holds perhaps the greatest potential for harm, and therefore requires the highest level of public accountability," he added.
Read more »
User Privacy
Data Breach Data Leak France Health Care Firm User Privacy

Millions are at Risk After a French HealthCare Services Firm's Data Leak

 

Viamedis, a French healthcare services provider, suffered a cyberattack that exposed the private data of policyholders and medical professionals in the country. Though the company's website is currently not accessible, an announcement concerning the data breach has been posted on LinkedIn. 

The data revealed in the hack includes a beneficiary's marital status, date of birth, social security number, health insurer's name, and guarantees that can be paid by third parties.

The firm has clarified that the compromised systems did not contain people's banking details, postal addresses, phone numbers, or emails. Viamedis states that different alerts on the data that was exposed will be sent to healthcare professionals. 

In light of this, Viamedis has contacted the relevant authorities (CNIL, ANSSI), impacted health organisations, and the public prosecutor via complaint. The business is still looking into the implications of the breach. 

Since Viamedis oversees payments for 84 healthcare organisations that serve 20 million insured people, it is evident that the hack has a considerable impact. However, the exact number of individuals impacted has not been disclosed. 

An investigation is being launched to determine the extent of the breach, according to Agence France-Presse (AFP) and the company's general director, Christophe Cande. 

"To date, we do not have the number of insured individuals impacted; we are still in the process of investigation." - GD Viamedis' Cande.

Additionally, Cande stated that ransomware wasn't employed in the cyberattack. Instead, he claimed that the threat actor gained access to its systems through a phishing attempt that was successful against an employee. 

A warning confirming the indirect impact of the Viamedis data breach has been posted on the website of Malakoff Humanis, one of the organisations that works with Viamedis. 

Malakoff Humanis, one of the organisations associated with Viamedis, has put a notification on its website confirming the indirect effects of the data breach. 

In addition, the company is notifying affected consumers of the hack and service disruption through data breach notifications.

The statement reiterates the information mentioned in the Viamedis notification and informs customers that no banking, medical, or contact information saved on the platforms has been compromised.

According to Malakoff Humanis, users can still access their accounts and submit reimbursement claims. However, the temporary disconnection of the Viamedis platform is expected to disrupt the delivery of certain healthcare services. Similar circumstances are foreseen for other Viamedis service providers, such as Carte Blanche Partenaires, Itelis, Kalixia, Santéclair, and Audiens.
Read more »
User Safety
France iPhone 12 Mobile Radiation Mobile Security User Safety

Apple Seeks to Defuse a French iPhone 12 Issue as EU Inquiry Intensifies

 

In order to resolve a dispute concerning radiation levels, Apple pledged on Friday to upgrade the software on iPhone 12s in France. However, concerns in other European nations suggested Apple might need to take similar steps abroad. 

France suspended sales of iPhone 12 phones this week after tests revealed violations of radiation exposure regulations.

Apple refuted the findings, claiming that the iPhone 12 was approved by numerous international organisations as meeting all worldwide requirements, but announced on Friday that it would release a software update to take into account the French testing procedures. 

Over the past two decades, numerous studies have been undertaken to evaluate the health concerns related to mobile phones. The World Health Organisation claims that there is no evidence linking them to any negative health impacts. However, the radiation warning in France, which was based on test results that were different from those of other nations, has raised worries across Europe.

The Belgian state secretary for digitalization stated that he had urged Apple to update the software on the iPhone 12 across the EU, despite the fact that, according to the regulator's own preliminary analysis, the device poses no risk to customers. 

Italy was preparing to ask Apple to upgrade the software on iPhone 12s there, according to a government source in Rome, while Germany claimed it was in contact with French authorities to find an EU-wide solution. The conclusion of the French probe will come first, a second Italian government source claimed, and only then would Italian officials make any requests of Apple or take any independent actions.

The Dutch Authority for Digital Infrastructure stated that it is in contact with Apple as well as German and French authorities and is also conducting its own inquiry, which is due in two weeks. The organisation reported that it had received calls from customers who were worried. 

The French authorities welcomed Apple's software update, saying it will be quickly evaluated and would allow sales of the relatively old iPhone 12 model, which was released in 2020, to resume.

"We will issue a software update for users in France to accommodate the protocol used by French regulators. We look forward to iPhone 12 continuing to be available in France," Apple stated. "This is related to a specific testing protocol used by French regulators and not a safety concern."
Read more »
User Security
Cyber Security Data Safety France Safety User Data User Privacy User Security

French Government Allows Remote Access to Suspects' Devices: Privacy Concerns Arise

 

The French Government has recently introduced a new policy allowing the police to remotely access and control suspects' devices, including their cameras, microphones, and GPS data. Although this news has sparked controversy, similar practices have been in place in various countries for quite some time.

French Justice Minister Éric Dupond-Moretti announced the legislation, assuring that it would be utilized in only a limited number of cases annually. This spying capability will be granted for up to six months, subject to approval by a judge, and will primarily be applicable to cases carrying potential sentences of at least five years. "We're far away from the totalitarianism of 1984," he added. "People's lives will be saved."

The invasion of privacy involved in having law enforcement or government personnel gain unauthorized access to someone's phone and covertly observe their activities is undoubtedly concerning. It not only creates opportunities for the abuse of civil liberties by those in positions of power but also facilitates the misuse of this power by individuals acting in bad faith.

However, this type of surveillance is not a new phenomenon. As far back as 2006, the US FBI was legally activating cell phone microphones, even when the phones were switched off, to monitor suspects. During that time, it was still possible to remove the batteries from many phones, but modern devices lack this capability.

According to a 2022 report by Comparitech, all 50 countries examined granted some level of access to smartphones and their data for their respective police forces. The extent of access varied across countries, and many nations required warrants for such actions. 

China, Saudi Arabia, Singapore, and the United Arab Emirates offered the most unrestricted access, with China even allowing access without any suspicion of wrongdoing. Surprisingly, Germany permits intelligence agents to remotely access smartphones and install spyware without the individual being a crime suspect. In the United States, warrants are generally required, although exceptions exist. Australia takes it a step further by granting police the authority to modify data on a suspect's phone.

Nevertheless, several countries have established strong protections for smartphone privacy. Austria, Belgium, Finland, and Ireland are among the countries with the highest ratings in this regard, as they have clear laws stipulating that the police can access mobile phones only when the person is a suspect and a warrant has been issued.

If the idea of such access to your smartphone is unacceptable, there are options available in the market for smartphones equipped with physical switches that can prevent cameras and microphones from being activated, without the possibility of remote override. 

However, even if you deactivate your GPS, your location can still be tracked through triangulation using the cell towers that your phone communicates with numerous times each day.
Read more »
User Security
Data Breach Fine France GDPR User Privacy User Security

CNIL Fines Clearview AI 20 million Euros for Illegal Use of Facial Recognition Technology

 

France’s data protection authority (CNIL) has imposed a €20 million fine on Clearview AI, the controversial facial recognition firm time for illegally gathering and using data belonging to French residents without their knowledge. 

CNIL imposed the maximum financial penalty the company could receive as per GDPR Article 83 and also ordered Clearview AI to stop all data collection activities and delete the data gathered on French citizens or face an additional €100,000 fine per day. 

“Clearview AI had two months to comply with the injunctions formulated in the formal notice and to justify them to the CNIL. However, it did not provide any response to this formal notice,” the CNIL stated. 

“The chair of the CNIL, therefore, decided to refer the matter to the restricted committee, which is in charge of issuing sanctions. On the basis of the information brought to its attention, the restricted committee decided to impose a maximum financial penalty of 20 million euros, according to article 83 of the GDPR.” 

Clearview AI scraps publicly available images and videos of people from websites and social media platforms and associates them with identities. Using this technique, the company has collected over 20 billion images that are being employed to feed a biometric database of facial scans and identities. 

Subsequently, the American-based firm sells access to this database to individuals, law enforcement, and multiple organizations around the globe. 

In Europe, the General Data Protection Regulation (GDPR) dictates that any data collection needs to be clearly communicated to the people and requires consent. Even if Clearview AI is not employing leaked data and the company does not spy on people, individuals are unaware that their images are being used for identification by Clearview AI customers. 

CNIL's latest decision comes after a two-year investigation initiated in May 2020, when the French authority received complaints from individuals about Clearview facial recognition software. Another warning about biometric profiling came from the Privacy International organization in May 2021. 

According to the CNIL, it found Clearview AI was guilty of multiple violations of the General Data Protection Regulation (GDPR). The breaches include unlawful processing of private data (GDPR Article 6), individuals' rights not being respected (Articles 12, 15, and 17), and lack of cooperation with the data protection authority (Article 31). 

The CNIL judgment is the third decision against Clearview's activities after state authorities fined the firm in March and July for unlawfully gathering biometric data in Italy and Greece.
Read more »
Security research
CNIL Data Breach Fine France GDPR Payment Fraud Security research

The CNIL Penalized SLIMPAY €180,000 for Data Violation.

 

SLIMPAY is a licensed payment institution that provides customers with recurring payment options. Based in Paris, this subscription payment services firm was fined €180,000 by the French CNIL regulatory authority after it was discovered that sensitive client data had been stored on a publicly accessible server for five years by the firm. 

The company bills itself as a leader in subscription recurring payments, and it offers an API and processing service to handle such payments on behalf of clients such as Unicef, BP, and OVO Energy, to mention a few. It appears to have conducted an internal research project on an anti-fraud mechanism in 2015, during which it collected personal data from its client databases for testing purposes. Real data is a useful way to confirm that development code is operating as intended before going live, but when dealing with sensitive data like bank account numbers, extreme caution must be exercised to avoid violating data protection requirements.

In 2020, the CNIL conducted an inquiry on the company SLIMPAY and discovered a number of security flaws in their handling of customers' personal data. The restricted committee - the CNIL body in charge of applying fines - effectively concluded that the corporation had failed to comply with several GDPR standards based on these elements. Because the data subjects affected by the incident were spread across many European Union nations, the CNIL collaborated with four supervisory agencies (Germany, Spain, Italy, and the Netherlands). 

THE BREAKDOWNS 

1.  Failure to comply with the requirement to provide a formal legal foundation for a processor's processing operations (Article 28 of the GDPR)

SLIMPAY's agreements with its service providers do not include all of the terms necessary to ensure that these processors agree to process personal data in accordance with the GDPR. 

2. Failure to protect personal data from unauthorized access (Article 32 of the GDPR) 

Access to the server was not subject to any security controls, according to the restricted committee, and it could be accessed from the Internet between November 2015 and February 2020. More than 12 million people's civil status information, postal and e-mail addresses, phone numbers, and bank account numbers (BIC/IBAN) were all hacked. 

3. Failure to protect personal data from unauthorized access (Article 32 of the GDPR) 

The CNIL determined that the risk associated with the breach should be considered high due to the nature of the personal data, the number of people affected, the possibility of identifying the people affected by the breach from the accessible data, and the potential consequences for the people concerned.
Read more »
Sensitive data
Cyber Attacks France Hacking Nobelium Russia Sensitive data

Nobelium Hacking Group Targets French Organisations

 

According to the French national cyber-security agency ANSSI, the Russian-backed Nobelium hacker group responsible for last year's SolarWinds hack has now been targeting French firms since February 2021. 

Whereas the ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) has not identified how Nobelium gained access to email accounts belonging to French organizations, it has stated that the hackers exploited them to send hostile emails to international entities.

In turn, French government organizations were targeted by fraudulent emails sent from servers belonging to foreign firms, which were thought to be infiltrated by the very same threat actor. Nobelium's infrastructure for cyberattacks on French entities was primarily built utilizing virtual private servers (VPS) from several hosting companies (favoring servers from OVH and located close to the targeted countries). 

"Overlaps have been identified in the tactics, techniques, and procedures (TTP) between the phishing campaigns monitored by ANSSI and the SOLARWINDS supply chain attack in 2020," ANSSI explained in a report. 

ANSSI advises limiting the processing of email attachments to prohibit harmful files provided in phishing efforts to fight against this hacker group's attacks. 

The French cyber-security agency additionally urges at-risk enterprises to use its Active Directory security hardening guidance to improve Active Directory security (and AD servers in particular). 

Nobelium, the hacker squad responsible for last year's SolarWinds supply-chain attack, which resulted in the compromise of various US federal agencies, is the cyber department of the Russian Foreign Intelligence Service (SVR), also known as APT29, The Dukes, or Cozy Bear. 

In April, the US government charged the SVR section of organizing the "broad-scope cyber-espionage campaign" that targeted SolarWinds. 

Based on strategies identified in events beginning in 2018, cybersecurity firm Volexity also attributed the assaults to the same threat actor. 

The Microsoft Threat Intelligence Center (MSTIC) revealed information in May on a Nobelium phishing effort that targeted government agencies from 24 countries. 

Nobelium is still targeting the worldwide IT supply chain, according to Microsoft, having hit 140 managed service providers (MSPs) and cloud service providers and compromised at least 14 since May 2021. 

Nobelium also attacked Active Directory Federation Services (AD FS) servers, seeking to infiltrate governments, think tanks, and private companies in the United States and Europe with the use of FoggyWeb, a new inactive and highly targeted backdoor. 

In October, Microsoft disclosed that Nobelium was perhaps the most prominent Russian hacking organization throughout July 2020 and June 2021, orchestrating the attacks that were behind 92 % of the notifications Microsoft sent to customers about Russia-based threat activity. 

Mandiant too linked the hacking organization to attempts to compromise government and enterprise networks throughout the world by targeting their MSPs with a new backdoor codenamed Ceeloader, which is designed to deliver more malware and capture sensitive information of political importance to Russia.
Read more »
United States
Cyber Crime France Hacker Hackers Arrested Kyiv Ukraine United States

25-Yr Old Hacker Detained by Ukraine Police

 

Following a collaborative international law enforcement investigation, two ransomware syndicates were apprehended in Ukraine. On Sept. 28, police investigators from Ukraine, the United States, and France arrested a 25-year-old hacker in Kyiv to put an end to a large cybercrime incident that cost more than $150 million worldwide. 

According to authorities, the suspect allegedly sought a ransom in turn of the victims' stolen information as of Oct. 4. The hacker is thought to have obtained this information by sending malware-infected phishing emails to workers of the organizations he targeted. 

As per the authorities, the cybercriminal, who hadn't been recognized, attacked over 100 enterprises in Europe and the United States, including world-famous energy and tourism companies. Europol noted that the hacker had a co-conspirator who assisted him in withdrawing funds from victims. 

Law enforcement investigators discovered and seized $375,000 in cash, two luxury automobiles, computers, and smartphones in the suspect's Scandinavian-styled Kyiv flat. 

Since virtual transactions are difficult to track, hackers frequently demand ransom in cryptocurrencies. Following inspections of the criminal's flat, authorities discovered that the Ukrainian cyber-criminal had over $1.3 million in cryptocurrencies in his possession. According to the authorities, he might face up to twelve years behind bars for breaching cybercrime and money laundering rules. 

"As a result, computer equipment, mobile phones, vehicles, and more than 360 thousand dollars in cash were seized. In addition, $1.3 million was blocked on the attacker's cryptocurrencies," the police said. 

Hackers from Ukraine and Russia rarely attack systems and networks in their nations, instead preferring to infect computers in Western Europe and the United States. Ukrainian cybercriminals are typically young, between the ages of 15 and 30, with no criminal history as well as a strong command of computer technology and mathematics. Their monthly income starts at $5,000, which is significantly higher than the $2,000 that tech experts in Ukraine might earn. 

Authorities all across the world are attempting to reverse the trend of ransomware assaults, which have become a lucrative business in recent years. Hackers, who are mostly from Eastern Europe, attack international companies, universities, government agencies, and even crucial infrastructures such as hospitals and gas stations.
Read more »
Smartphones
Cyber Security France French Government Israel Pegasus Smartphones

5 French Minister Phones Affected with Pegasus Spyware

 

At least five French ministers and President Emmanuel Macron's diplomatic advisor mobile phones have been infected by Israel-made Pegasus spyware, whistle-blowers confirmed on Friday 24th of September. 

As per a Mediapart report on Friday, French security agencies have discovered software during the phone inspection, with breaches reported in 2019 and 2020. 

In July Pegasus produced by NSO Group, the Israeli company, was already in the middle of a hurricane following a list of around 50,000 possible surveillance targets worldwide leaking to the media, and was capable of switching the camera or microphone and harbor their data. 

The insinuation was made about two months after the Pegasus Project, the media consortium which included the Guardian, found that a leaked database at the core of the investigatory project included contact information of top France officials, including French President Emmanuel Macron and most of its 20-strong cabinet. 

There is no strong proof of successful hacking of phones of the five cabinet members however media reports suggest that the devices were targeted by the potent spyware known as Pegasus, which is created by the NSO Group. 

Pegasus enables users to track the conversation, text messages, pictures, and location whenever installed effectively by government customers within the Israeli firm and can convert phones into remotely controlled listening devices. 

The consortium of Pegasus Project, organized by the French Forbidden Stories non-profit media, showed that international customers of NSO utilized hacker tools to attack journalists and human rights organizations. 

NSO reportedly stated that its strong malware is designed not to target civilian society members but to probe severe criminals. It has stated it has no link to the leaked database reviewed by the Pegasus Project and also the tens of thousands of numbers included do not target NSO customers. It has also firmly disputed that Pegasus Spyware has always targeted Macron. 

In a statement released on Thursday night, NSO said: “We stand by our previous statements regarding French government officials. They are not and have never been Pegasus targets. We won’t comment on anonymous source allegations.” 

Furthermore, the authenticity of the allegation was verified by two French individuals with knowledge of the inquiry, but they asked not to be named since they had not been allowed to talk to the media. 

"My phone is one of those checked out by the national IT systems security agency, but I haven't yet heard anything about the investigation so I cannot comment at this stage," Wargon told the L'Opinion website Friday. 

Mediapart stated that the handsets of the ministers for education (Jean-Michel Blanquer), Jacqueline Gourault, Julien Denormandie, Emmanuelle Wargon, Sébastien Lecornu and others – displayed indications of the virus Pegasus. The report noted that at the time of the allegations of targeting that happened in 2019 and less often in 2020, not all the Ministers had their current roles, but all were Ministers. The phone of the Macron Diplomatic Consultants at the Elysee Palace was also targeted. 

The Élysée Palace also stated that it would not comment on “long and complex investigations which are still ongoing”. 

The Prosecutor's Office refused to comment or to clarify whether or whether not the ministers' phone hacking had been found, stating that the investigation was subject to judicial confidentiality regulations. Although since the end of July, when the palace officials notified prudence, the Élysée has not reacted to the Pegasus affair and said that “no certainty at this stage”.
Read more »
Russia
Cyber Security Facebook Fake news France Russia

Facebook Shuts Down Fake Accounts Associated With Russia and French Military

Earlier this week, in a press conference, Facebook closed two misinformation networks related to Russia, one of which was associated with the French military. Facebook has accused these accounts of orchestrating interference campaigns in African regions. Two networks using multiple FB accounts were given to users associated with the Russian Internet Research Agency. In contrast, the third account had links to persons related to the French military, says Facebook. 

Facebook has closed all three accounts for violating the policy of foreign or government interference. These networks, according to Facebook, attacked targets in North Africa and Middle East countries. As of now, the French military has offered no comments on Facebook's allegations. The campaigns battled with each other, said Nathaniel Gleicher, Facebook's head of security policy, and David Agranovich, head of global threat disruption in a blog. 

It is the first time that Facebook found two campaigns (from France and Russia) fighting with each other, commenting on each other's accounts, claiming it is fake. These accounts used fake accounts as a central part of their operations to mislead people about who they are and what they are doing, and that was the basis for our action, says Facebook. One sample post read, "The Russian imperialists are a gangrene on Mali!" The French network accounts mainly targeted Mali and the Central African Republic. Other targets include Cote d'Ivoire, Chad, Algeria, Niger, and Burkina Faso. It involved 84 FB accounts, six pages, nine groups, and fourteen Instagram accounts that infringed a policy facing "coordinated inauthentic practice." 

In French and Arabic, some of the posts were about France's Francophone Africa systems, allegations of Russian meddling in CAR elections, supportive comments about the French military, and Russia's criticism. According to Gleicher and Agranovich, "we shared information about our findings with law enforcement and industry partners. We are making progress rooting out this abuse, but as we've said before, it's an ongoing effort, and we're committed to continually improving to stay ahead." As of now, the investigation is ongoing, and no further detail has been offered.
Read more »
Security
Apple Battery Performance Cyber Security France iOS iPhone Security

Apple Deliberately Restricts Old Versioned iPhones' Performance; Gets Fined!



Apple, the technology giant famously known for its partially eaten logo among other things, was recently fined by France’s authority that regulates competition in the country, mentioned sources.

This apparently isn’t the first time that Apple has been fined by governmental authorities but it hasn’t mattered to the multi-million organization much before because of its money replenishing power.

Per reports, the reason behind this charging happens to be Apple’s voluntarily keeping the fact from its users that the software updates it released in 2017 could limit the functioning of the older versions of iPhones.

According to sources, Apple never updated its users that the time-worn batteries of the older iPhones, namely, iPhone 7, iPhone 6, iPhone SE and such wouldn’t be able to manage the increased battery usages.

The Directorate-General for Competition, Consumption and the Suppression of Fraud (DGCCSF) is the aforementioned body that in one of its reports elaborated upon how Apple’s software updates hindered the proper performing of older models of iPhones and how the company never realized their duty to enlighten the users about it.

The updates in question basically curbed the performance levels of iPhones to thwart excessive energy consumption of older versions of the phones, eventually trying to ward off a total crashing down of the devices.

The users could go back to older software versions or replace the battery and their iPhones could have a chance at working like they formerly did. The issue is a good initiative and has a solution but how are the people to know about this and act accordingly, if they aren’t duly apprised by Apple?

And what’s more, Apple restricted the users from returning to their previous software types, meaning the users couldn’t do much about the situation anyway!

Sources mentioned that Apple agreed to pay the fine of around $27.4 million for purposely limiting the performance of older iPhones and not alerting the users about it.

There was quite a hullabaloo outside of France as well regarding the same issue including lawsuits that got Apple to publicly apologize and offer free battery exchanges for affected devices.

As per sources, an Italian agency too had fined Apple and Samsung for not conspicuously informing the users on how to replace batteries.

But, $27.4 is next to nothing for a gigantic tech name like Apple. It would, with no apparent trouble, stock back the amount of money in just 2roper to 3 hours!

Read more »
France
Altran Tech Cyber Attacks DNS Hijacking France

Altran Technologies, France; Smacked By A Cyber-Attack!




Reportedly, the France based Altran Technologies fell prey to a cyber-attack which attempted to smack down its operations in some of the European nations.



Last Thursday, a cyber-attack took the French engineering consultancy, Altran Technologies by storm.



This led to the organization’s closing down its It network and applications.



The firm instantly started working on a resurgence plan, making sure that it didn’t undergo much damage.



A large scale “Domain Name System” hijacking campaign is already being investigated and is subject to a lot of questioning.



This campaign is said to have wreaked havoc among a lot of government as well as commercial organizations, all across the world, cited the Britain’s National Cyber Security Center.

Read more »
WhatsApp
CNIL consent EU Facebook France internet privacy WhatsApp

France’s data protection authority CNIL gives a sharp warning to WhatsApp ;issues a formal notice

Facebook, when it acquired WhatsApp back in early 2014 said that it won't have the capacity to link the WhatsApp users to their Facebook accounts. In any case, things being what they are, turns out it wasn't so difficult after all. A year ago, the organization changed the WhatsApp terms of services to do just that: link the WhatsApp and Facebook profiles belonging to the same user.

Facebook had allowed many of its users to opt out, yet that wasn't sufficient for the regulators. Germany had even requested Facebook to quit gathering WhatsApp data last September, a similar thing happened in the UK several months later and now fast forward to December 2017; there be yet another European nation issuing similar order.

Facebook's messaging service WhatsApp was given a one-month final proposal by one of Europe's strictest privacy watchdogs, which requested it to quit offering user data to its parent without getting the necessary assent. France's information insurance specialist also known as the data protection authority, CNIL gave quite a cautioning to WhatsApp by issuing a formal notice, scrutinizing it for "inadequate and insufficient" participation and cooperation.

The decision comes a year later after the European Union privacy authorities (security specialists) said that they had "genuine concerns" about the sharing of WhatsApp user data for purposes that were excluded in the terms of conditions and the privacy policy when people had signed up to the service.
However, even after the EU slapped Facebook with a €110 million fine over unlawful WhatsApp information sharing, France says that it has still not collaborated with information security expert CNIL, and could confront another sanction if it doesn't start thinking responsibly inside 30 days. The social network is as yet exchanging Whatsapp information for "business intelligence," it claims, and the only possible way that clients can quit is by uninstalling the application.

It was a French regulator, who saw that WhatsApp was sharing user information like phone numbers to Facebook for "business insight" reasons. When it over and over made a request to take a look at the information being shared, Facebook said that it is put away in the US, and "it considers that it is only subject to the legislation of the country," as per the CNIL. The regulator countered that whenever information is assembled in France, it naturally turns into the authority in charge.

The information exchanges from WhatsApp to Facebook occur to some extent without the users' assent, nor the legitimate interest of WhatsApp, CNIL said.

France says that while the notice was issued to Facebook, it's additionally intended to exhort users that this "gigantic information exchange from WhatsApp to Facebook" was occurring. "The best way to deny the information exchange for 'business insight' purposes is to uninstall the application," it adds. In any case, Facebook guarantees that it will keep on working with the CNIL to ensure that the users comprehend what data it gathers as well as how the data is utilized.

The merging of WhatsApp's data with Facebook was the first step taken by Facebook a year ago towards monetising the stage since the social network's CEO Mark Zuckerberg bought the company for about $22bn in 2014.
Read more »
Subscribe to: Comments (Atom)