Cyber Incident Victim: Conseil départemental de l'Aude
Date:
Jan 2025
Location:
France
Summary
A pro-Russian hacker group known as NoName057(016) conducted distributed denial-of-service (DDoS) attacks against multiple French regional and municipal websites, including the Conseil départemental de l'Aude, temporarily rendering them inaccessible. The attacks, claimed as retaliation for France's support of Ukraine, targeted several departments, cities, and institutions but caused no data breaches or leaks. Paris prosecutors opened an investigation into the incidents, while affected entities like Nice and Marseille announced plans to file complaints. The same group had previously disrupted French parliamentary websites and other European targets using similar methods.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between December 31, 2024, and January 1, 2025, pro-Russian hacking group NoName057(016) executed distributed denial-of-service (DDoS) attacks against multiple French governmental and institutional websites. Initial attacks on December 31 targeted municipal portals including Nantes, Bordeaux, Poitiers, Pau, Nîmes, Nice, Angers, Le Havre, Montpellier, Tarbes, and Marseille, alongside departmental websites for Landes, Haute-Garonne, and overseas territories French Polynesia and New Caledonia. A second wave occurred on January 1 against Conseil Régional Centre-Val de Loire, Hauts-de-France Chamber of Commerce and Industry, Montpellier city portal, Eure department, Aude department (Conseil Départemental de l'Aude), French energy cooperative Enercoop, and France's Ministry of Justice. Attackers flooded targets with connection requests until systems became nonfunctional, rendering websites inaccessible through the afternoon of January 1. NoName057(016) publicly claimed responsibility via Telegram and X (formerly Twitter), framing the attacks as retaliation against France's support for Ukraine in the Russo-Ukrainian War.
Technical impacts remained confined to temporary service disruptions without evidence of data exfiltration or system compromise. Nice Mayor Christian Estrosi confirmed no detected data breaches on municipal systems, while Marseille officials similarly reported no data loss. Paris Prosecutor's Office initiated a criminal investigation for organized obstruction of automated data processing systems, assigning the case to France's domestic intelligence agency DGSI. Multiple jurisdictions including Nice and Marseille announced intent to file formal complaints. NoName057(016), active since March 2022, previously targeted French Senate and National Assembly websites in 2023 and has conducted similar operations against governmental infrastructure in Canada, Baltic states, and Ukrainian media outlets. The group's operational consistency and geopolitical motivations were explicitly documented in their public communications surrounding the incident.