French authorities have attributed a coordinated series of cyberattacks to APT28, a group connected to Russia’s military intelligence agency, the GRU. These cyber operations, spanning from 2021 to 2024, targeted a range of French public institutions, defence sector organisations, media networks, and systems involved in the planning and delivery of the Paris 2024 Olympic and Paralympic Games.
The Ministry for Europe and Foreign Affairs confirmed the attribution in a statement on 29 April 2025, formally accusing Russia of violating international cyber norms through the use of state-directed actors. The French government referred to the operations as “incompatible with the responsibilities expected of a permanent member of the United Nations Security Council,” adding that the cyber campaigns breached accepted UN guidelines on responsible state behaviour in cyberspace.
What Is APT28 and Why Has It Been Attributed to the GRU?
APT28, also known in cybersecurity circles as Fancy Bear, is a threat actor group believed to be operated by Unit 20728 of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation—commonly referred to as the GRU. The group has been active since at least 2007 and has previously been linked to significant cyber incidents across NATO countries, including the United States, Germany, the United Kingdom, and Poland.
APT28 has been accused of engaging in advanced persistent threat operations using tactics such as spear-phishing, exploitation of unpatched vulnerabilities in email servers, and obfuscation via low-cost infrastructure such as VPNs and publicly available hosting platforms. French cybersecurity authorities, including the National Agency for the Security of Information Systems (ANSSI), confirmed that these techniques were consistent across the intrusions observed in France.
The attribution to APT28 follows long-standing assessments from cybersecurity firms and intelligence agencies worldwide, which have linked the group to influence operations, intelligence-gathering missions, and destabilisation campaigns on behalf of the Russian state.
What Specific Cyberattacks Did France Attribute to APT28?
French authorities outlined at least 12 confirmed cyberattacks between 2021 and 2024 that were attributed to APT28. The incidents included attempts to gain unauthorised access to critical government networks, breaches in media outlets, and intrusions targeting defence contractors and national research organisations.
Two prominent historical attacks were specifically revisited in the French government’s attribution. First, the 2015 sabotage of the French broadcaster TV5Monde, which was initially portrayed as an Islamic State cyberattack but later traced back to GRU actors. Second, the 2017 breach of presidential candidate Emmanuel Macron’s campaign communications, where thousands of internal emails and documents were leaked publicly just days before the election.
Additionally, several attacks targeted systems linked to the Paris 2024 Olympic and Paralympic Games. These included cyber intrusions into event management software, logistics providers, and affiliated vendors in the months preceding the Games. In August 2024, a ransomware incident at the Grand Palais—one of the Olympic venues—resulted in a temporary shutdown of its digital infrastructure, disrupting final-stage preparations for the event.
Although the Games concluded in 2024 without a major cyber disruption, post-event investigations confirmed that state-backed threat actors had attempted to compromise related IT systems before and during the event window.
Why Is This Attribution Significant in the Context of Global Cybersecurity?
France’s public identification of APT28 and its association with Russia’s GRU signals an important development in cyber diplomacy and accountability. It aligns with similar actions by other Western governments, including the United States and members of the European Union, who have also attributed cyber incidents to Russian intelligence units.
APT28 has been an active player in Russia’s broader hybrid warfare strategy, frequently used to collect intelligence, disrupt democratic processes, or exert geopolitical pressure. In the context of the Ukraine conflict, the group has been linked to cyberattacks on Ukrainian energy infrastructure, transport networks, and public communications systems.
France’s attribution also emphasises a shift in national cyber defence strategy, where attribution is no longer viewed as a covert or classified determination but instead is publicly announced to expose state-sponsored actors and mobilise collective deterrence.
What Role Did APT28 Play in the Paris 2024 Olympics?
While the Paris 2024 Games concluded last year without direct disruption to public-facing events, France’s cyber agencies revealed that several attempted intrusions were launched by APT28 prior to the event. These efforts included reconnaissance attacks on Olympic digital infrastructure, phishing campaigns targeting Games-affiliated email domains, and attempts to install malware across event logistics providers.
The ransomware attack at the Grand Palais, which served as a key Olympic venue, forced brief operational adjustments. Though the impact was contained, authorities later confirmed that APT28 was responsible for exploiting a known vulnerability in the venue’s email server infrastructure.
The Olympic Games, due to their global visibility and complexity, have increasingly become focal points for cyber-enabled influence and sabotage campaigns. France’s cybersecurity response included close coordination with global partners, including the European Union Agency for Cybersecurity (ENISA) and private sector firms providing threat intelligence.
How Has the European Union Responded to APT28’s Operations?
The European Union has previously imposed sanctions on individuals and organisations associated with APT28. These measures, which include travel bans and asset freezes, were applied in response to attacks conducted against European entities, including the German parliament and institutions in Poland and the Netherlands.
France’s attribution reaffirms the EU’s coordinated approach to countering state-backed cyber threats. It also signals growing support for a unified European cyber defence strategy that integrates information sharing, joint response protocols, and regulatory action to hold threat actors accountable.
What Countermeasures Is France Planning?
Following the attribution, France reiterated its commitment to “anticipate, discourage, and respond” to cyber operations conducted by hostile foreign actors. The Ministry for Europe and Foreign Affairs confirmed that France will expand its cooperation with allied nations to improve cyber intelligence sharing, response coordination, and strategic deterrence.
Domestically, ANSSI has been tasked with leading efforts to strengthen national cybersecurity resilience, particularly across critical infrastructure sectors and public-facing digital services. The French government is also evaluating its legal frameworks to assess whether targeted sanctions, indictments, or asset seizures may be applied in future cyber-related cases.
Additionally, France plans to continue advocating for stronger enforcement of international cyber norms through forums such as the United Nations and the Council of the European Union.
What Are the Broader Implications for France-Russia Relations?
This attribution adds further strain to France–Russia diplomatic relations, already under pressure due to Russia’s ongoing war in Ukraine and accusations of disinformation campaigns across Europe. While France did not directly announce punitive measures beyond the public attribution, officials indicated that further action could be considered in collaboration with international partners.
By taking a firm stance on the issue, France joins a growing list of nations willing to openly name and shame state-linked actors in cyberspace. Analysts say this approach could serve as a deterrent and push for a global framework where digital aggression is met with diplomatic or economic consequences.
Discover more from Business-News-Today.com
Subscribe to get the latest posts sent to your email.
