ANSSI points to the Nobelium group, already responsible last year for the hack of the American company SolarWinds, and whose links with Russia are known. It is rare for France to tie a cyberattack to a country, even indirectly.
Le Monde
In a report published on Monday 6 December, the National Agency for Information Systems Security (ANSSI) says it has observed a series of phishing attacks that successfully compromised e-mail accounts belonging to French entities. Once compromised, these accounts were used to send fraudulent emails to foreign institutions.
In the same way, still according to ANSSI, French public organizations have received fraudulent e-mails sent by foreign institutions that had apparently been compromised. According to ANSSI, the modus operandi of this attack, which started in February 2021 before intensifying from May, is that of Nobelium, a group of hackers that has already carried out attacks against European and American diplomatic entities.
The United States already targeted by Nobelium
Nobelium became known to the general public in 2020 through the massive hack of SolarWinds, a publisher of IT management software. The group then carried out an extensive operation affecting at least eight US government agencies.
Microsoft and the US authorities had accused the Russian government of supporting these hackers, which Moscow has formally denied. In April 2021, US President Joe Biden nevertheless imposed financial sanctions on Russia and expelled Russian diplomats over this hack.
In October, Microsoft had already warned that the Nobelium group was conducting a new offensive against American and European organizations. “This recent activity is a new indicator that Russia is trying to gain long-term, systematic access to various entry points in the technology supply chain and to establish a mechanism for monitoring, today or in the future, targets of interest to the Russian government,” said Tom Burt, Microsoft's vice president in charge of customer security, in a blog post.
Naming to send a message
Unlike some of its allies, the United States in particular, France has never formally attributed a cyberattack to a country. But mentioning the technical name of a group of attackers whose links with a country are public knowledge is not insignificant.
This is a decision that France has already taken three times in the past. In January 2019, the Minister of the Armed Forces had discreetly mentioned an attack against the armed forces by Turla, a very high-level hacker group affiliated with Russia, before ANSSI pointed to the responsibility of the Russian-speaking group Sandworm in another attack.
The intention, in making public an attack that had been over for several months and was conducted by a group that several allied countries consider to be a unit of the Russian military intelligence service, was clear: to send a message to the Kremlin and its hackers. The decision to explicitly mention Sandworm was thus submitted to and validated by the Élysée, according to our information.
In July, ANSSI had also pointed to the activities of the Chinese-speaking group APT31, revealing “a vast compromise campaign affecting many French entities”.