Menu
Browse

Cyber Threat Actor: Linker Squad

Actor Type Location Known Incidents
 Icon
Criminal
France
3 incidents
Profile

Linker Squad is a criminal hacking group that has been publicly identified under that alias and is known to operate from France. The group’s activities have focused on media organizations, telecommunications providers and online retail platforms, primarily in France and Spain, with the apparent goal of obtaining personal data for financial gain through resale or sharing on the web. Their observed strategic objective is monetary profit rather than espionage or disruption, as evidenced by statements that the stolen information was intended to be sold and that no passwords or financial details were taken in some incidents when the motive was purely data monetization.

The group's tactics rely on exploiting weak security controls and known web application vulnerabilities. In the French state television breach they took advantage of insufficient safeguards to access and exfiltrate contact databases, while the Orange Spain incident involved the use of SQL injection to compromise web addresses and extract customer records from underlying databases. A separate attack on a TF1 magazine subscription service leveraged a vulnerability in a third‑party shopping tool operated by Viapresse, allowing the attackers to harvest names, postal addresses, email addresses and passwords from nearly two million users. No specific malware families or custom tooling are mentioned in the available sources, indicating that their tooling style consists of standard exploitation techniques such as SQL injection and the abuse of poorly protected third‑party components.

Publicly reported operations attributed to Linker Squad include the April 2015 data theft from France Télévisions that exposed personal information of approximately 127 000 individuals, the January 2015 SQL injection breach of Orange Spain that resulted in the loss of millions of customer records, and the early January 2015 compromise of TF1’s magazine subscription website via Viapresse that affected about 1.9 million shoppers. The group has been described as a black‑hat hacking collective with a history of similar intrusions targeting organizational databases, and no public evidence links them to any state sponsor or larger criminal consortium. Their actions have prompted affected organizations to issue phishing warnings, initiate legal complaints and seek remediation of the exploited vulnerabilities.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
3 sources