
Cyberattack on French Interior Ministry Email Servers

Tags: cybercrime, hacktivism, email, France, vulnerabilities, attack, threats, ministry, breach
Updated December 16, 2025 at 02:01 AM · 2 sources


The French Interior Ministry confirmed a cyberattack that compromised its email servers, allowing attackers to access certain document files. In response, the ministry implemented enhanced security protocols and access controls, while an investigation was launched to determine the origin and scope of the breach. Authorities have not yet confirmed whether any data was stolen, and are considering multiple possible motives, including foreign interference, hacktivism, or cybercrime. The Interior Ministry, which oversees police, internal security, and immigration, is considered a high-value target for both state-sponsored and criminal actors.

The incident was reported in several news roundups, highlighting its significance within the broader context of European cybersecurity threats. While attribution has not been established for this specific attack, previous campaigns against French government entities have been linked to Russian state-sponsored groups such as APT28. The breach underscores ongoing concerns about the vulnerability of critical government infrastructure to sophisticated cyber threats and the need for robust incident response and investigation procedures.

Related Stories

French Interior Ministry Email Server Breach and Potential Abuse

Hackers breached the email servers of the French Ministry of the Interior, as confirmed by Interior Minister Laurent Nunez. The attack, detected between December 11 and 12, allowed threat actors to access certain document files, though there is no current evidence of serious data compromise. In response, the ministry has tightened security measures and reinforced access controls for all agents, while an investigation is underway to determine the origin and scope of the breach. Authorities are considering various scenarios, including foreign interference, hacktivism, or cybercrime, and have not yet released technical details about the attack. Following the breach, there are indications that emails sent from the French Ministry of the Interior's domain were used to announce the reopening of BreachForums, a notorious cybercriminal marketplace. This suggests that the attackers may have leveraged their access to the ministry's email infrastructure for further malicious activity, potentially as part of a hacker honeypot or to lend credibility to their communications. The incident highlights the risks associated with compromised government email systems and the potential for such breaches to be exploited in broader cybercriminal operations.

2 months ago
Unauthorized Access to France’s FICOBA Bank Account Registry Exposes 1.2 Million Accounts


France’s Ministry of the Economy and Finance confirmed that an attacker **accessed and consulted data tied to ~1.2 million French bank accounts** by using **stolen login credentials** belonging to an authorized government user of the national bank account registry (*FICOBA*). The intrusion began in **late January 2026** and exposed account-linked personal data including **IBANs**, account holder **names**, **addresses**, and in some cases **tax identification numbers** (DGFiP-issued). Authorities stated the access did **not** enable viewing balances or initiating transactions. After detection, the ministry reported it **blocked the attacker**, notified France’s data protection authority (**CNIL**), and **filed a criminal complaint**; impacted individuals are expected to be contacted directly, and **banks were alerted** to advise customers to remain vigilant. Reporting noted the incident follows other recent cyber disruptions affecting French public services (including attacks impacting **La Poste/La Banque Postale** and the **Interior Ministry**), though no motive or attribution for the FICOBA access has been publicly confirmed.

3 weeks ago
Olympique de Marseille Confirms Cyberattack Following Data Leak Claims


French football club **Olympique de Marseille (OM)** confirmed it was targeted by an *attempted* cyberattack after a threat actor claimed to have breached club systems and leaked a sample of allegedly stolen data on a hacking forum. The actor claims access to servers containing data on roughly **400,000 individuals**, including names, addresses, email addresses, and phone numbers, and also alleges theft of information tied to **~2,050 Drupal CMS accounts** (including staff and contributor/moderator accounts). OM said its technical teams and external specialist providers contained the incident quickly and that operations continue normally. The club stated **no banking details or passwords** were compromised, reported the matter to France’s data protection authority **CNIL**, and warned supporters to be alert for **phishing** attempts leveraging the incident. Reporting also noted the event in the context of a broader uptick in attacks against large organizations and referenced a prior breach affecting the French Football Federation.

2 weeks ago
