Cyber Incident Victim: Communauté de communes Cœur de Maurienne Arvan
Date:
Jan 2022
Location:
France
Summary
A crypto-virus attack targeted the shared IT infrastructure of a regional administrative body and its partner municipalities, disrupting services across multiple local entities including social services, tourism offices, and town halls. The attack, suspected to originate from foreign-organized crime based on similarities to prior regional incidents, partially compromised systems despite ongoing security measures. Critical data was preserved due to preexisting safeguards, but restoration efforts required extended downtime, rendering online applications inoperable and severing phone communications for most affected offices except one town hall. Emergency contact channels were established for essential services such as childcare, urban planning, and utilities during recovery. Law enforcement initiated an investigation following an official complaint.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 16, 2022, the Cœur de Maurienne Arvan (3CMA) and its partner municipalities experienced a significant cyberattack targeting their shared IT infrastructure. The incident affected servers and networks used by 3CMA, Saint-Jean-de-Maurienne city government, the Intercommunal Center for Social Action (CIAS), and associated communes including Saint-Julien-Montdenis, La Tour-en-Maurienne, and Saint-Pancrace. Attackers deployed a crypto-virus—a form of ransomware—that severely disrupted operations. While the exact origin remained under investigation, authorities noted similarities to previous attacks against Annecy city government and Albertville/Annecy hospitals, which were attributed to foreign-based organized crime groups. The 3CMA president immediately filed a formal complaint, triggering a gendarmerie investigation. Though the organization had implemented a security hardening plan months prior—which partially mitigated the attack and preserved some data—full restoration of systems was projected to require several days.
The attack caused widespread operational disruptions across multiple public services. Online applications for residents became nonfunctional, while telephone communications failed for 3CMA, CIAS, Montagnicimes Tourist Office, Maurienne Country Syndicate, and most affected municipal offices—though Saint-Jean-de-Maurienne's city hall remained reachable. Emergency contact numbers and email addresses were established for critical services including general administration, childcare, youth programs, tourism, urban planning, housing, drinking water management, aquatic center operations, and senior citizen support. Technical teams prioritized restoring service counters and digital tools for impacted departments. The organization committed to providing ongoing updates through its dedicated webpage as recovery efforts continued, acknowledging the extended timeline required for complete system restoration and forensic analysis.