Cyber Incident Victim: Montpellier
Date:
Jan 2025
Location:
France
Summary
A pro-Russian hacking group known as NoName057(016) conducted distributed denial-of-service (DDoS) attacks against multiple French municipalities, regional councils, government departments, and businesses, including the city of Montpellier's online portal, causing temporary website outages. The attacks, claimed as retaliation for France's support of Ukraine, flooded targets with traffic but did not result in data breaches or theft. Investigations were opened by Paris prosecutors for organized obstruction of automated data systems, while affected entities like Nice and Marseille announced plans to file complaints. The group, active since 2022, has previously targeted French parliamentary websites and institutions in other Western nations supporting Ukraine.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between December 31, 2024, and January 1, 2025, pro-Russian hacking group NoName057(016) executed distributed denial-of-service (DDoS) attacks against multiple French municipal, regional, and institutional websites. Initial attacks on December 31 targeted city portals in Nantes, Bordeaux, Poitiers, Pau, Nîmes, Nice, Angers, Le Havre, Montpellier, Tarbes, and Marseille, alongside departmental websites for Landes, Haute-Garonne, and overseas territories including French Polynesia and New Caledonia. Follow-up attacks on January 1 expanded to the Centre-Val de Loire Regional Council, Hauts-de-France Chamber of Commerce and Industry (CCI), Montpellier’s city portal, and departmental sites for Eure and Aude. France’s Ministry of Justice website and energy cooperative Enercoop’s site were also compromised. The attackers overwhelmed targets with traffic floods, rendering sites inaccessible for extended periods, with several departmental portals still offline by mid-afternoon on January 1.
NoName057(016) claimed responsibility via social media platform X and Telegram, framing the attacks as retaliation for France’s support of Ukraine against Russia. The group explicitly referenced targeting "Russophobic France" with New Year’s "DDoS shells." Forensic analysis confirmed no data exfiltration or breaches occurred, as DDoS tactics disrupt service availability without penetrating data systems. The Paris Prosecutor’s Office opened an organized crime investigation for obstruction of automated data processing systems (STAD), assigning the case to France’s domestic intelligence agency (DGSI). Municipal leaders, including Nice Mayor Christian Estrosi and Marseille’s administration, confirmed intent to file formal complaints, citing no evidence of data compromise. NoName057(016), active since March 2022, has prior history targeting French institutions, including 2023 DDoS attacks against the National Assembly and Senate websites, alongside campaigns against Baltic states, Canadian entities, and Ukrainian media.