Cyber Incident Victim: City of Saint-Brevin-les-Pins
Date: May 2023
Location: France
Summary
The City of Saint-Brevin-les-Pins was targeted by a cyberattack that significantly disrupted municipal operations. The incident impacted email services and most telephone systems, with only the main switchboard remaining functional. An investigation was initiated by the gendarmerie's technical and IT research unit, which worked alongside the national cybersecurity agency. The full restoration of services was pending, and citizens were directed to the city's website and social media for further updates.
Description
On May 24, 2023, the City of Saint-Brevin-les-Pins was targeted by a cyberattack. The attack impacted the municipal government's operations, causing significant disruptions to its services. The incident began on Wednesday, May 24th, in the hours leading up to a planned support march for the town's resigning mayor, Yannick Morez. The municipality officially acknowledged it was a victim of this attack, though no direct link to the politically charged climate in the commune was established at the time of reporting. The technical and IT unit of the Gendarmerie's Rennes research section was immediately tasked with leading the investigation into the incident.

The attack had a direct and immediate impact on the city's administrative functions. By the following day, Thursday, May 25th, the municipality's operations remained heavily disrupted. Critical communication systems were rendered inoperable. All email services and internal telephones were non-functional, with the sole exception of the main switchboard line. This widespread outage severely hampered the ability of the city's staff to conduct daily business and communicate both internally and with the public. The core of the disruption was linked to the city's servers, which were taken offline by the attack, preventing the normal operation of the services that relied on them.

In its public communications, the city administration stated it was working in conjunction with the National Agency for the Security of Information Systems (ANSSI) and the French state. The primary focus of the mobilized teams was to conduct the necessary investigations and analyses to ensure the servers could be safely restarted. The process was described as requiring a methodical approach to guarantee security before systems could be brought back online. A definitive timeline for a full restoration of services was not available at the time of reporting, indicating the complexity of the incident and the thoroughness of the response effort. To keep citizens informed during the outage, the city directed Brévinois to consult the official municipal website and the city's social media channels for updates.

The nature of the attack was described as potentially being part of a broader national campaign targeting multiple computer servers across France, rather than an isolated incident aimed solely at Saint-Brevin-les-Pins. This characterization suggested the possibility of a widespread malicious software or ransomware campaign affecting numerous entities. The investigative efforts by the Gendarmerie's specialized unit would have been focused on determining the specific attack vector, the type of malware or intrusion method used, and identifying any potential links to other simultaneous attacks elsewhere in the country. The involvement of ANSSI, France's national authority on cybersecurity, underscored the seriousness with which the incident was being treated and provided access to national-level expertise and resources for the response.

The consequences of the attack extended beyond simple technical inconvenience. The paralysis of email and phone systems directly impeded the delivery of municipal services to the town's residents. Any administrative processes requiring internal communication, data access, or digital processing were halted. The inability to provide a concrete date for a return to normal operations created a state of uncertainty for both the city's employees and the populace it serves. The incident highlighted the vulnerability of local government infrastructure to cyber threats and the profound real-world effects such an attack can have on a community's daily functioning. The response protocol, which involved immediately engaging national law enforcement and cybersecurity agencies, demonstrated a structured approach to incident management aimed at containing the damage, understanding the breach, and methodically working towards recovery.
