Cyber Incident Victim: France
Date:
Dec 2024
Location:
France
Summary
A pro-Russian hacker group known as NoName05716 conducted a large-scale distributed denial-of-service (DDoS) attack targeting multiple French municipal websites, including Nouméa in New Caledonia, alongside other cities such as Marseille, Nice, and Nantes. The attacks temporarily rendered official city portals inaccessible by overwhelming servers with excessive traffic, though no data breaches were detected. The group publicly claimed responsibility via Telegram, framing the coordinated strikes as retaliation against "France russophobe" ahead of the new year. While some government-related domains in French territories were also listed as targets, most services were swiftly restored. French authorities, including the Paris prosecutor's office and domestic intelligence agency DGSI, have opened an investigation into the incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 31, 2024, pro-Russian hacking group NoName05716 executed a coordinated distributed denial-of-service (DDoS) attack against multiple French municipal websites, including those of Marseille, Nice, Nantes, Le Havre, Angers, Bordeaux, Pau, Tarbes, and Montpellier. The attackers deliberately overloaded servers hosting official city portals by flooding them with excessive requests, rendering the sites inaccessible to users. Initial disruptions occurred in Marseille and Nice, with subsequent attacks expanding to other cities throughout the day. Technical infrastructure managed by hosting provider OVH, which supported Marseille's municipal sites, activated protective mechanisms that inadvertently compounded the outages. Nice Mayor Christian Estrosi confirmed via social media that no data breaches occurred but reported the incident to France's National Cybersecurity Agency (ANSSI). The Paris prosecutor's office initiated an investigation and assigned the case to the Directorate-General for Internal Security (DGSI), France's domestic intelligence agency.
NoName05716 publicly claimed responsibility on their Telegram channel, framing the attacks as New Year's "gifts" targeting what they termed "France russophobe." Their statement referenced launching "DDoS shells" against government-affiliated domains, specifically naming French Polynesia, New Caledonia, and the Paris Police Prefecture as additional targets. Despite these claims, monitoring indicated most affected sites resumed normal operations relatively quickly, with no persistent compromise of systems. Municipal authorities maintained that the attacks exclusively involved service disruption rather than data exfiltration or system infiltration. The group's Telegram communications emphasized symbolic messaging over technical sophistication, consistent with their prior operations against French parliamentary websites. Security services treated the incidents as part of NoName05716's ongoing campaign to disrupt French digital infrastructure in retaliation for perceived anti-Russian policies.