Cyber Incident Victim: Orano
Date:
Apr 2015
Location:
France
Summary
A hacktivist group operating under Operation Green Rights targeted a French nuclear corporation, causing distributed denial-of-service outages on its primary and international websites. The attackers also compromised the World Trade Organization's e-learning platform, exfiltrating approximately 53,000 user email addresses including employee accounts across multiple countries. The collective publicly linked both incidents to their environmental campaign opposing nuclear energy infrastructure projects.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In April and May 2015, Anonymous-affiliated hackers under Operation Green Rights (#OpGreenRights) executed cyberattacks against French nuclear conglomerate Areva (now Orano) and the World Trade Organization (WTO). The campaign began with a distributed denial-of-service (DDoS) attack that temporarily disabled Areva’s primary website (areva.com) in April, followed by additional disruptions to its U.S., Indian, and Mongolian subsidiary websites on May 5, 2015. These actions coincided with Anonymous’ public opposition to Areva’s construction of a nuclear reactor in Flamanville, France, where safety concerns had been raised by regulators. Concurrently, hackers breached the WTO’s e-learning platform (ecampus.wto.org), exfiltrating approximately 53,000 email addresses belonging to site visitors and 2,100 employee email accounts across WTO offices in the U.S., China, Russia, and other nations. The attackers leaked this data via Just Paste It, a platform frequently used by the collective, accompanied by a threatening message vowing to continue attacks. Both incidents were promoted in Anonymous-operated chat rooms and Twitter accounts under #OpGreenRights, though no technical linkage between the Areva and WTO intrusions was disclosed in available reports.
The attacks caused confirmed operational disruptions, with Areva’s websites rendered inaccessible during the DDoS periods and the WTO’s e-learning portal remaining offline for at least one full day post-compromise. Anonymous framed the actions as retaliation against entities perceived as environmental threats, citing precedents such as their 2012–2014 campaigns against Monsanto. No restoration timelines, forensic findings, or mitigation steps from Areva or the WTO were disclosed in the source material. The collective’s statement emphasized persistent intent to “hack and destroy all systems,” though subsequent impacts beyond initial downtime and data exposure were not detailed. Safety criticisms of the Flamanville reactor by French nuclear authorities provided contextual motivation for targeting Areva, while the rationale for including the WTO remained unclear beyond operational parallelism in timing and promotional channels.