Cyber Incident Victim: Ministère de l'Économie et des Finances
Date:
Jan 2023
Location:
France
Summary
A cyberattack targeted the newly launched unified administrative portal for businesses shortly after its implementation, causing significant disruption. The attack involved a virus generating 10,000 modification requests per second, overwhelming and saturating the system. This led to partial paralysis of economic activity as businesses were unable to submit required administrative declarations. The incident occurred despite prior security testing by the ministry, which described it as a major breach. Services were restored following mitigation efforts by technical teams, though operations were expected to remain degraded for several days. The portal, designed to centralize business lifecycle declarations, had replaced six legacy networks and became mandatory for all corporate formalities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyber incident targeting the newly launched 'guichet unique' administrative portal of France’s Ministry of Economy and Finance (Bercy) occurred in early January 2023, shortly after the platform’s mandatory implementation on January 1. Designed to centralize business registrations, modifications, document submissions, and cessation declarations—replacing six legacy systems under the 2019 Pacte law—the portal experienced a major cyberattack within 48 hours of going live. Attackers deployed a virus that generated approximately 10,000 fraudulent modification requests per second, overwhelming the system and causing severe saturation. This deliberate traffic surge rendered the platform inoperable, paralyzing a critical component of France’s economic infrastructure by preventing businesses from completing legally required administrative procedures. Concurrently, users reported persistent technical issues, including login difficulties, though the ministry clarified these were unrelated bugs rather than direct attack vectors. The disruption persisted for multiple days, compounding operational challenges during the platform’s critical launch phase.
Bercy’s cybersecurity teams responded by isolating the attack vector and implementing an unspecified technical solution to restore service, though the ministry acknowledged operating in a degraded capacity for several days post-recovery. Minister Bruno Le Maire confirmed the attack’s containment and projected full operational normalization by late March 2023. Managed by the National Institute of Industrial Property (INPI), the portal’s compromise directly impacted businesses nationwide, as it had become the sole mandatory channel for corporate lifecycle filings. No data breach or exfiltration was reported; the primary impact stemmed from operational downtime and delayed administrative processing. The ministry emphasized that pre-launch security testing had been conducted but did not identify vulnerabilities exploited in the attack, underscoring the sophistication of the disruption tactic. Service restoration alleviated immediate economic bottlenecks, but the incident highlighted systemic risks associated with centralized digital governance platforms during transitional phases.