Cyber Incident Victim: Naval Group
Date:
May 2023
Location:
France
Summary
A pro-Russia hacktivist group launched a DDoS attack against the French Senate, taking its website offline. The incident was part of a broader campaign targeting multiple French entities, including the defense company Naval Group, in retaliation for the nation's support of Ukraine. The group publicly claimed responsibility for the attack, which caused significant disruption and required a mobilized response from the Senate's team to restore access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 5, 2023, the pro-Russia hacker group NoName057(16) claimed responsibility for a distributed denial-of-service (DDoS) attack that successfully disrupted the official website of the French Senate. The attack rendered the Senate's website inaccessible, prompting an official response from the institution's communications team. The French Senate confirmed the disruption via a post on the social media platform Twitter, stating that access to its website had been disrupted since the morning of May 5th. The tweet further acknowledged the malfunctions and assured the public that the Senate's technical team was fully mobilized to remedy the situation. An apology for the inconvenience caused by the outage was also issued to users attempting to access the website's services and information.
The NoName057(16) group publicly announced its campaign against French entities through messages on the Telegram messaging platform. The group's stated list of targets for its DDoS attacks included multiple high-profile French organizations. Alongside the French Senate, the group named the French National Institute of Labour, Employment and Vocational Training, the National Center for Space Research of France, and the French defense company Naval Group as intended victims of its offensive cyber operations. The group's motivation for launching these attacks was explicitly stated as a form of retaliation against the French government for its political support of Ukraine amidst the ongoing conflict with Russia.
The incident against the French Senate was not an isolated event but part of a broader campaign by the NoName057(16) collective. The group has been an active participant in pro-Russia hacktivism since at least March 2022, following the onset of the full-scale invasion of Ukraine. Throughout this period, NoName057(16) has established itself as one of the most persistent groups targeting Western organizations, particularly those in nations providing support to Ukraine. Its primary modus operandi has been the deployment of DDoS attacks, which are designed to overwhelm a target's web servers with a flood of internet traffic, thereby rendering websites and online services unavailable to legitimate users.
The immediate impact of the attack was the successful takedown of the French Senate's public-facing website. This outage prevented citizens, researchers, and other stakeholders from accessing information and services provided through the senate.fr domain. The disruption represented a temporary degradation of the Senate's public communications capability. The response from the Senate's internal technical team was immediate and focused on containment and recovery. The team worked to identify the source of the malicious traffic, mitigate the flood of requests, and restore normal service operations. The public acknowledgment of the incident via Twitter served as both a notification to users and a status update on the remediation efforts.
The targeting of Naval Group, a major French industrial company specializing in naval defense and marine renewable energy, signified an escalation in target selection beyond purely governmental bodies. As a key contractor for the French Navy and an exporter of military technology, Naval Group represents a strategic asset. While the provided article does not detail the specific impact or success of the DDoS attack against Naval Group's digital infrastructure, its inclusion on the target list indicates the attackers' intent to disrupt entities associated with national defense capabilities. Similarly, the targeting of the National Center for Space Research (CNES) aimed at a critical scientific and technological institution.
The French National Institute of Labour, Employment and Vocational Training was also named as a target, suggesting an intent to broadly disrupt French governmental functions across civil administration, labor, and economic sectors. The attacks were characterized by their timing and public announcement, aligning with a pattern of psychological and information operations intended to generate public attention and demonstrate capability. The group's use of Telegram provided a platform for rapid claims of responsibility, allowing them to control the narrative and amplify the perceived impact of their actions.
The incident exemplifies the continued use of DDoS as a low-cost, high-visibility tool for hacktivist groups to achieve political statements. The technical response required to mitigate such an attack typically involves filtering malicious traffic, often through upstream service providers or cloud-based DDoS protection services, and bolstering server capacity to withstand volumetric attacks. The French Senate's response followed this standard incident containment protocol. The longer-term consequences of the attack primarily involved temporary service disruption and the allocation of internal resources to incident response and recovery. The event highlighted the persistent threat posed by politically motivated cyber groups and their focus on critical national infrastructure and symbolic government institutions in allied nations supporting Ukraine.