Cyber Incident Victim: Enercoop
Date:
Jan 2025
Location:
France
Summary
A pro-Russian hacker group known as NoName057(016) conducted distributed denial-of-service (DDoS) attacks against multiple French municipalities, regional institutions, and the energy cooperative Enercoop, temporarily rendering their websites inaccessible. The attacks targeted entities including regional councils, chambers of commerce, city portals, and government departments, with the group claiming retaliation for France's support of Ukraine. Investigations led by Paris prosecutors and domestic intelligence agency DGSI confirmed no data breaches occurred, though several municipalities announced plans to file complaints. The threat actor, active since early 2022, has previously targeted French parliamentary websites and other European institutions using similar disruptive tactics.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The cyberattacks targeting French entities occurred between December 31, 2024, and January 1, 2025, with pro-Russian hacking group NoName057(016) conducting coordinated distributed denial-of-service (DDoS) attacks against multiple French regional governments, municipal services, and businesses. Initial attacks on December 31 affected websites of cities including Nantes, Bordeaux, Poitiers, Pau, Nîmes, Nice, Angers, Le Havre, Montpellier, Tarbes, and Marseille, along with departmental portals for Landes, Haute-Garonne, French Polynesia, and New Caledonia. The campaign intensified on January 1 with attacks against the Centre-Val de Loire regional council, Hauts-de-France Chamber of Commerce and Industry, Montpellier city portal, Eure and Aude departmental websites, France's Justice Ministry portal, and French energy cooperative Enercoop. These sustained DDoS floods overwhelmed target systems, rendering websites inaccessible through connection saturation. By afternoon on January 1, departmental portals and Enercoop's site remained offline.
Technical impact was confined to service disruption without data compromise, as confirmed by Nice Mayor Christian Estrosi's statement that no data breaches were detected. Paris prosecutors opened an investigation for organized obstruction of automated data processing systems, assigning the case to France's domestic intelligence agency DGSI. Multiple municipalities including Nice and Marseille announced intent to file legal complaints. NoName057(016) claimed responsibility via social media platform X and Telegram, framing the attacks as retaliation for France's support of Ukraine against Russia. The group's message stated they were "presenting DDoS shells as New Year's gifts" to "Russophobic France." Historical context indicates NoName057(016) has operated since March 2022, previously targeting France's National Assembly and Senate websites in 2023, along with institutions across Europe, Canada, Baltic states, and Ukrainian media outlets. The coordinated timing during New Year's celebrations and focus on public service portals amplified disruption while aligning with the group's pattern of symbolic attacks against nations supporting Ukraine.