
Alarm: French diplomats targeted by Russian cyber attacks

France’s cybersecurity agency has issued a warning about a hacker group linked to Russia’s foreign intelligence service (SVR) threatening the country’s diplomatic interests. France’s information security agency ANSSI said in an alert that state-sponsored actors with links to Russia have launched targeted cyberattacks against French diplomatic facilities.

Russian cyber attacks explained

The cyberattacks have been traced to a group called Midnight Blizzard, previously referred to by Microsoft as Nobelium. This group is also known by other names such as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, and The Dukes. While APT29 and Midnight Blizzard are often used interchangeably to describe these Russia-linked intruders, ANSSI prefers to distinguish them as separate threat clusters. Another related group, Dark Halo, was responsible for the SolarWinds supply chain attack in 2020.

Details on the Russian cyber attacks

ANSSI, the Agence Nationale de la Sécurité des Systèmes d’Information, confirmed several attacks previously attributed to the Nobelium hacker group. The alert highlighted that Western diplomatic institutions, including embassies and foreign ministries, were the main targets of Nobelium’s cyber activities. French public organizations have also been attacked several times through phishing emails originating from previously compromised foreign institutions.

Specific incidents in France

Notable incidents include the compromise of email accounts at the French Ministry of Culture and the National Agency for Territorial Cohesion. Although the attackers could not access parts of the networks beyond the compromised inboxes, they used these accounts to attack other organizations such as the French Ministry of Foreign Affairs. Nobelium attempted to install Cobalt Strike, a penetration testing tool commonly abused by malicious actors to gain remote access to the network, but these attempts were unsuccessful.

Larger impacts and further attempts

One particularly alarming incident involved the compromised email account of a French diplomat, which was used to send a fake message about the closure of the French embassy in South Africa due to an unspecified terrorist threat. In another case, ANSSI reported that an attempt by Nobelium to break into the French embassy in Romania in May 2023 was thwarted due to the vigilance of diplomatic staff.

Strategic information gathering

The main goal of these large Russian cyberattacks, according to ANSSI, is to collect strategic intelligence from government and diplomatic targets. However, technology companies are also affected. Earlier this year, Microsoft confirmed that Nobelium had successfully compromised the email accounts of its senior executives. Around the same time, Hewlett Packard Enterprise reported a similar breach.

Impact on IT and cybersecurity

Russian cyberattacks in Europe continue to be a major concern for regional cybersecurity experts and governments. ANSSI warned that Nobelium’s attacks on IT and cybersecurity companies for espionage purposes strengthen the group’s attack capabilities and pose a significant threat. The intelligence gathered during recent attacks on companies in the IT sector could facilitate Nobelium’s future operations. The agency observed a high level of activity related to Nobelium against the backdrop of geopolitical tensions, particularly in Europe, related to Russian aggression against Ukraine.

Concerns about national security

Nobelium’s activities against government and diplomatic entities pose a significant risk to national security and endanger French and European diplomatic interests. ANSSI stressed that ongoing geopolitical tensions have increased the threat posed by these cyber actors and called for increased vigilance and robust cybersecurity measures to protect against such intrusions.

Conclusion

Russia’s recent cyberattack on Europe has raised serious concerns about the region’s digital security. The French cybersecurity agency’s warning underscores the ongoing and evolving threat posed by state-sponsored cyberattackers with ties to Russia. It highlights the need for continued vigilance and strengthened cybersecurity protocols to protect diplomatic and government institutions from such sophisticated cyber threats.

Sources for this article include articles in The Hacker News and The Record.

The article “Alarm: French diplomats targeted by Russian cyber attacks” first appeared on TuxCare.

This is a TuxCare blog syndicated by Security Bloggers Network, written by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/alert-french-diplomats-targeted-by-russian-cyber-attacks/