- The French Ministry of the Interior hacked and exposed email servers and internal files
- The extent of data theft is still unknown
- APT28 suspected due to previous targeting of French government entities
The French Ministry of the Interior has confirmed that it has recently suffered a cyber attack, but the consequences are still being determined.
The French interior minister said the attack took place at night, between December 11 and December 12. Email servers were compromised, allowing threat actors to access some document files. However, it is currently unclear whether they have succeeded in stealing anything and if so – what exactly.
“There was indeed a cyber attack. An attacker was able to access a number of files. So we implemented the usual protection procedures,” Interior Minister Laurent Nuñez told the local radio station. RTL Radio. “It could be foreign interference, it could be people who want to challenge the authorities and show that they are able to access systems, and it could also be cybercrime. At this point, we don’t know what it is.”
Was it the Russians?
Other than that, details are scarce as it is not known exactly who was responsible or what they were looking for.
Initial reports speculate that the attack may have been the work of APT28, an advanced persistent threat actor linked to Russia’s Military Intelligence Service (GRU). Also known as Fancy Bear or Forest Blizzard, APT28 has been attributed to many high-profile cyberespionage campaigns across the West.
For example, according to a recent report by the French National Agency for Information Security Security (ANSSI), APT28 usually targets government agencies, research firms, think tanks and companies in the French defense technological and industrial base.
They are also aimed at aerospace organizations and other businesses in finance and economics. For years, APT28 also targeted Roundcube email servers, collecting vital data from governments and diplomats across North America and Europe.
In July 2025, the UK National Cyber Security Center (NCSC) warned of APT28 targeting Microsoft 365 accounts with specialized malware called Authentic Antics.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
