China in the sights of France in the context of a "virulent" cyberattack

France is currently the target of a major cyberattack and, in a relatively unprecedented move, the French authorities decided on Wednesday, July 21, to point directly at a foreign power, indicating that they had identified a modus operandi attributable to a group of hackers traditionally affiliated with China. The approach was taken on publicly by the director general of the National Agency for the Security of Information Systems (Anssi), Guillaume Poupard, in person, late Wednesday morning.

While Paris is usually very reluctant to make this type of public denunciation, unlike the United States in particular, the announcement of this cyberattack was made in an atypical way, through a post by Mr. Poupard on his LinkedIn account. He considers this attack "much more serious than winged donkeys and their avatars", in a thinly veiled reference to the Pegasus affair, and refers, as is customary, to a press release from the Government Center for Monitoring, Alerting and Responding to Computer Attacks (CERT).

Entitled "APT31 operating mode attack campaign targeting France", this press release, dated Wednesday, indicates that "a vast compromise campaign affecting many French entities" is "in progress". "Particularly virulent", it is conducted by "the APT31 operating mode", the release specifies. The word "China" does not appear in it as such, but cyber specialists consider APT31 (APT stands for "Advanced Persistent Threat") to be a group of hackers working from that country, generally on behalf of the Chinese state, and often for purposes of espionage or intellectual property theft.


The targets of this cyberattack have not been specified at this stage by Anssi. But it is their importance, as well as the scale and gravity of the attack, that reportedly prompted the agency to communicate in this way. According to the investigations carried out by the agency's specialists, the hackers reportedly compromised routers "to use them as anonymization relay, prior to the conduct of reconnaissance actions and attacks". Investigations are underway to establish whether or not these actions have resulted in real compromises since the beginning of 2021.

Investigations regularly opened in France

According to our information, this cyberattack is different from the one that occurred in early March against the Microsoft Exchange messaging service, which affected tens of thousands of American organizations and servers around the world. In a coordinated warning on July 19, the United States, the European Union (EU), the United Kingdom, Australia, New Zealand, Canada, Japan, as well as NATO, each in its own way, officially attributed that attack to China, although the latter has denied any involvement. The APT31 and APT40 groups were considered the main perpetrators of that attack.
