Cyber Incident Victim: Conseil régional du Centre-Val de Loire
Date:
Jan 2025
Location:
France
Summary
Pro-Russian hacker group NoName057(016) conducted distributed denial-of-service (DDoS) attacks against multiple French regional and municipal entities, including the Centre-Val de Loire regional council, temporarily rendering their websites inaccessible. The coordinated strikes targeted government portals, chambers of commerce, and energy cooperatives, overwhelming systems with traffic but causing no confirmed data breaches. Paris prosecutors opened an investigation into organized interference with automated data systems, handled by domestic intelligence services. The attackers publicly claimed responsibility, framing the operation as retaliation for France's support of Ukraine in the Russo-Ukrainian conflict. This group has previously disrupted French parliamentary websites and other European institutions using similar methods since early 2022. Multiple municipalities announced plans to file legal complaints following the incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between December 31, 2024, and January 1, 2025, pro-Russian hacking group NoName057(016) executed distributed denial-of-service (DDoS) attacks against multiple French regional governments, municipal portals, and commercial entities. The Conseil régional du Centre-Val de Loire was among the primary targets on January 1, alongside the Hauts-de-France Chamber of Commerce and Industry, Montpellier’s city portal, the Eure and Aude departmental websites, and energy cooperative Enercoop. These attacks overwhelmed targeted sites with artificial traffic, rendering them inaccessible for extended periods. The same group had previously attacked the cities of Nantes, Bordeaux, Poitiers, Pau, Nîmes, Nice, Angers, Le Havre, Montpellier, Tarbes, and Marseille on December 31, along with departmental websites for Landes, Haute-Garonne, French Polynesia, and New Caledonia. NoName057(016) publicly claimed responsibility via social media platform X and Telegram, explicitly framing the attacks as retaliation for France’s support of Ukraine against Russia.
Technical assessments confirmed the attacks exclusively utilized DDoS methods, causing temporary service disruptions but no data exfiltration or system compromise. The Paris prosecutor’s office initiated an investigation for organized obstruction of automated data processing systems, assigning the case to France’s domestic intelligence agency (DGSI). Affected municipalities including Nice and Marseille announced intentions to file legal complaints, with Nice Mayor Christian Estrosi confirming no data breaches were detected. NoName057(016), active since March 2022, has a documented history of similar DDoS campaigns against French institutions, including the National Assembly and Senate in 2023, as well as targets in other NATO-aligned nations. The group’s Telegram statement cited intent to “congratulate the Russophobic French” for the new year with “DDoS shells,” aligning with its pattern of politically motivated disruptive operations.