ANSSI, France’s information security agency, has attributed targeted cyber attacks against French diplomatic entities to state-sponsored actors with ties to Russia. The activity is tracked under names like Nobelium and APT29 (Midnight Blizzard) and involves sophisticated tactics, including phishing campaigns using compromised diplomatic email accounts. ANSSI distinguishes these threat clusters from another, named Dark Halo, which is associated with the 2020 SolarWinds supply chain attack.
The attackers, identified by the specific code and techniques they use, primarily target diplomatic institutions, embassies, and consulates with phishing emails. Recent campaigns in Kyiv and Romania illustrate their modus operandi: they attempt to compromise sensitive communications through deceptive themes like a “Diplomatic car for sale.” While some attempts, like the one on the French Embassy in Romania, were unsuccessful, others exploited vulnerabilities in JetBrains TeamCity servers and breached companies like Microsoft and Hewlett Packard Enterprise.
ANSSI warns that these attacks not only strengthen the offensive capabilities of these state-sponsored groups but also pose a continuous threat to cybersecurity entities. The agency highlights ongoing monitoring efforts and the potential for future operations facilitated by intelligence gathered in recent breaches. Additionally, the revelation coincides with Poland’s disclosure of Russian involvement in a DDoS attack on Telewizja Polska during the Euro 2024 soccer tournament, underscoring broader cybersecurity challenges posed by such state-sponsored activities.