Cyber Incident Victim: Communauté urbaine du Grand Reims
Date:
Sep 2024
Location:
France
Summary
A pro-Russian hacker group, NoName057, conducted distributed denial-of-service (DDoS) attacks targeting the Grand Reims' website and multiple French institutions, including Montpellier's municipal site, regional councils, aerospace companies, and financial entities. The attacks saturated server traffic to render sites inaccessible, motivated by political opposition to France's support for Ukraine. While no data breaches occurred, service disruptions persisted for extended periods. The group publicly claimed responsibility via Telegram, framing the DDoS campaign as "political warfare" against entities they deem "anti-Russian," with prior attacks including incidents against the National Assembly and critical infrastructure. Technical teams worked to restore accessibility amid ongoing disruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 3, 2024, the official website of the city and urban community of Reims (Grand Reims) became inaccessible around noon following a distributed denial-of-service (DDoS) attack attributed to the pro-Russian hacker group NoName057(16). The attackers saturated the site's servers with artificially generated traffic, overwhelming its capacity and preventing legitimate access. Municipal authorities confirmed the attack targeted multiple French entities simultaneously, including Reims, Montpellier city services, the Normandy and Nouvelle-Aquitaine regional councils, aerospace companies Daher and ATR, insurer AXA, and a Lille business association. The group publicly claimed responsibility via Telegram channels, framing the coordinated strikes as retaliation against France's support for Ukraine. This incident followed a similar DDoS attack against the University of Reims Champagne-Ardenne (URCA) on September 2, though attribution for that earlier event remained unconfirmed.
Technical analysis by cybersecurity expert Céleste Moreau identified the operation as part of NoName057(16)'s ongoing "DDosia Project," initiated in August 2022 to target nations backing Ukraine. The group characterized these attacks as "political warfare" aimed at disrupting critical infrastructure. Grand Reims' IT teams immediately mobilized to restore service, though municipal communications noted no definitive timeline for full recovery. By evening, the website remained offline with the attack still active, though preliminary assessments indicated no data exfiltration or system compromise beyond service disruption. Historical context revealed the group's prior targeting of French infrastructure, including an April 2024 attack on a hydroelectric plant in Marne and a January 2023 breach of the National Assembly's website. NoName057(16) claimed 10,000 members on Telegram and advertised increasingly sophisticated attack capabilities designed to challenge conventional mitigation strategies like Fail2ban systems.