Russia-aligned hackers take down French state services in massive DDoS attack

Anonymous Sudan, a Russian-speaking hacktivist group, has claimed responsibility for the severe distributed denial of service (DDoS) attacks that disrupted several French government services on Monday.

In a statement issued on Monday, Prime Minister Gabriel Attal’s office confirmed that a series of DDoS attacks started on Sunday night, hitting multiple government ministry websites. “We have conducted a massive cyberattack on the infrastructure of the French Interministerial Directorate of Digital Affairs (DINUM),” said Anonymous Sudan in an official Telegram channel run by the group. “The damage will be widespread as core digital government endpoints have been hit and the French know the details very well.”

In addition to the DINUM, the group confirmed in the post that the attacks also impacted other French ministries and government organizations including the Directorate General of Civil Aviation, Ministry of Health and Social Affairs, National Geographic Institute, Ministry of Economy, Finance and Industrial and Digital Sovereignty, and Ministry of Ecological Transition and Territorial Cohesion.

The French Prime Minister’s office told local media that a crisis unit had been set up Sunday evening to deploy counter-measures. By Monday, the impact of the attacks had been reduced and access to government websites re-established, it said. Anonymous Sudan, however, claimed that as of Tuesday, the attack was still in full swing. “It’s been over 24 hours and the cyber crisis team they deployed proved useless,” the group added in a Telegram post made on Tuesday. “The attack is still ongoing and we’re chilling while their systems burn.”

Possible retaliation for pro-Ukraine sentiments

Although neither the hacktivist group nor the French government has issued any statement on the motive behind these attacks, experts have been linking the attack to France’s pro-Ukraine position on the Ukraine-Russia conflict. At a recent meeting convening several European leaders, French President Emmanuel Macron suggested a united European effort to resist Russia’s illegal military advances within Ukraine, which did not rule out sending troops to fight alongside the Ukrainian military.

If proven valid, this won’t be Anonymous Sudan’s first nation-state attack as it is known to have acted previously in accordance with pro-Islamist sentiments. In October 2023, the group intervened in the ongoing Israel-Hamas conflict and attacked Israel’s air defense system, known as the Iron Dome. Earlier last week, the group also claimed attacks on Egyptian, Bahranian, and Israeli telecommunication systems with a recently acquired DDoS toolkit. Bahrain had reportedly entered a deal with the group within 48 hours of the attack.

While attacks on Bahrain and Egypt were carried out as a mere show of power, the one on Israel was to display the group’s continued pro-Palestinian position. “Attacks against Israel will continue as they (Israel) continue their genocide campaign on Gaza,” the group had said on March 7, after attacking Israel’s Partner Communications Company.

Partnered DDoS attacks

The group confirmed they carried out the attacks using the partnered DDoS infrastructure, InfraShutdown. Anonymous Sudan’s leader “Crush” announced in February 2024 that the group has partnered with the DDoS-for-hire service and had labeled it as “the pinnacle of bullet-proof cyber dominance”. Anonymous Sudan also used InfraShutdown for last week’s attacks on Bahrainian, Egyptian, and Israeli telecommunication companies. “This attack has been carried out by the @infraShutdown DDoS infrastructure,” the group had messaged after each attack.

While more technical details for the attack on French systems weren’t disclosed by any of the involved parties, CloudFlare’s radar service, a channel that tracks global internet traffic and possible attacks, shows a high volume of DDoS events on French systems starting Sunday at 8 am UTC. FalconFeeds, a threat intelligence provider, reported that the attack was a joint effort that involved, other than Anonymous Sudan, pro-Russian threat actor UserSec, and a threat group named 22C.