Cyber Incident Victim: Département Côte-d’Or
Date:
Mar 2025
Location:
France
Summary
The Département Côte-d'Or suffered a massive cyberattack, likely originating from Russia, causing severe disruptions to its website and internal communications to hinder operations. Service gradually resumed later that day after the attack, characterized by 100 million requests per minute saturating systems, but no compromise or leakage of personal data, including social benefit recipients, occurred.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 12, 2025, the Département Côte-d'Or publicly announced via its social media channels that it had been the victim of a massive cyberattack, which it described as "probably of Russian origin." The department's official website, cotedor.fr, experienced severe disruptions starting that Wednesday morning, significantly impacting its online services. The departmental council stated that its teams were mobilized to restore normal operations as quickly as possible. The communications service provided additional details, characterizing the incident as a large-scale attack targeting multiple administrative bodies with the specific objective of blocking internal communications to disrupt their proper functioning. Crucially, the department emphasized that this was not considered a dangerous attack because no data breach or leakage had been detected. The communications service further clarified that the attack had actually commenced three days prior to the public announcement on March 12th, though the department did not disclose the methods used to attribute the probable Russian origin.
By the evening of March 12th, the department reported that the situation was gradually returning to normal, and their website became accessible again. The following day, March 13th, François Sauvadet, President of the Departmental Council, provided more specific technical details to the press. He revealed that the attack involved an overwhelming volume of traffic, stating "We received 100 million requests per minute on our site, which obviously led to saturation." Sauvadet reiterated the earlier confirmation that no leakage of personal data had occurred, specifically mentioning the protection of data belonging to social benefit recipients such as those receiving the RSA. Regarding the attribution, Sauvadet linked the attack to heightened geopolitical tensions, suggesting it was a response to recent statements by the French President which had exacerbated existing strong tensions with Russia. This incident occurred against a backdrop of increasing cyber threats targeting local governments, with the French National Agency for the Security of Information Systems (ANSSI) having recorded 187 cyberattacks against territorial authorities between January 2022 and June 2023.