Menu
Browse

Cyber Threat Actor: Epsilon

Actor Type Location Known Incidents
 Icon
Criminal
France
3 incidents
Profile

Epsilonis a cybercriminal group that operates under the alias Epsilon and has been publicly linked to France. The group’s activities have been observed targeting francophone organizations, with incidents reported in the retail sector involving a sporting goods retailer and in the media sector affecting the BFMTV and RMC television channels. In the retail incident, Epsilon was described as being motivated by financial gain and notoriety, indicating a clear objective of monetary profit combined with seeking recognition. The media intrusion involved the takeover of social media accounts and the posting of messages that were hostile toward Russia and supportive of Palestine, demonstrating an objective that included disrupting normal account operations and disseminating political content.

The group’s tactics, techniques, and procedures have been identified in two distinct patterns. For the retail breach, Epsilon employed an infostealer malware campaign designed to exfiltrate personal data such as customer profiles, purchase histories, segmentation information, and contact details while leaving financial credentials and passwords untouched. This indicates a focus on data collection tools that harvest non‑financial personal information. In the media case, the group’s method consisted of compromising social media accounts, which allowed them to publish unauthorized messages directly from the victims’ profiles; no specific malware or initial access vector was disclosed for this activity. These observations show that Epsilon utilizes both malware‑based data theft and direct account takeover as part of its operational repertoire.

Publicly reported operations attributed to Epsilon include the April 2024 breach of a French sporting goods retailer that compromised the personal data of over four million customers and the March 2024 takeover of BFMTV and RMC social media accounts that resulted in the dissemination of politically charged messages. The retail incident led to the disabling of loyalty account access, forensic investigation, notification to law enforcement and data protection authorities, and public advisories for affected customers. The media intrusion prompted the victim organization to mobilize teams to restore account security, remove the offending content, and initiate legal proceedings to identify the perpetrators. No public sources have linked Epsilon to a state sponsor or a larger criminal consortium, and the group’s affiliations remain unspecified beyond its self‑identified name.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
0 sources