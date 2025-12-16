French Interior Ministry hacked, exposing email servers and internal files

The extent of any data theft still unknown

APT28 suspected, due to past targeting of French government entities

The French Interior Ministry has confirmed recently suffering a cyberattack, but the consequences are still being determined.

The French Minister of Interior said the attack took place at night, between December 11 and December 12. Email servers were compromised, allowing threat actors to access some document files. However, it is currently unclear if they managed to steal anything and if so - what exactly.

"There was indeed a cyberattack. An attacker was able to access a number of files. So we implemented the usual protection procedures," Interior Minister Laurent Nuñez told local radio station RTL Radio. "It could be foreign interference, it could be people who want to challenge the authorities and show that they are capable of accessing systems, and it could also be cybercrime. At this point, we don't know what it is."

Was it the Russians?

Other than that, details are scarce, as it isn't known exactly who was responsible, or what they were looking for.

Initial reports speculate the attack might have been the work of APT28, an advanced persistent threat actor linked to Russia's Military Intelligence Service (GRU). Also known as Fancy Bear or Forest Blizzard, APT28 has been attributed to many high-profile cyber-espionage campaigns throughout the West.

For example, a recent report from the French National Agency for the Security of Information Systems (ANSSI), APT28 usually targets government agencies, research firms, think-tanks, and businesses in the French Defence Technological and Industrial Base.

They also target aerospace organizations, and other firms in finance and economy. For years, APT28 was targeting Roundcube email servers as well, harvesting vital data from governments and diplomats across North America and Europe.

In July 2025, the UK National Cyber Security Centre (NCSC) warned about APT28 targeting Microsoft 365 accounts with specialized malware called Authentic Antics.

