France Blames Russia for Cyberattacks on Dozen Entities

France on Tuesday said the Russian state-sponsored hacking group APT28 has targeted or compromised a dozen government organizations and other French entities.

Linked to the Russian General Staff Main Intelligence Directorate (GRU) and also tracked as BlueDelta, Fancy Bear, Forest Blizzard, Sednit, and Sofacy, APT28 has been active since at least 2004, typically targeting government, military, energy, and media organizations in Europe and the US.

Dragos observed APT28 targeting OT organizations in 2024, and Recorded Future in November 2024 attributed cyberattacks on 60 organizations in Asia and Europe to cyber-activity that overlaps with APT28.

On Tuesday, the French cybersecurity agency ANSSI published a report attributing attacks on the country’s local government, administration, ministerial, DBIR, aerospace, research, and financial organizations, as well as think-tanks, to APT28.

“In 2024, the victimology of the campaigns associated with the APT28 intrusion set primarily includes governmental, diplomatic, and research entities, as well as think-tanks ...