Cyber Incident Victim: Agence d’urbanisme de la région de Saint-Nazaire
Date:
Apr 2024
Location:
France
Summary
A cyberattack involving a crypto-virus targeted the municipal services of Saint-Nazaire and its agglomeration, disrupting digital operations and forcing manual workarounds for critical functions. Internal systems, email, phone lines, and online platforms remain offline, affecting services like urban planning, identity document processing, social aid disbursements, and library operations, though in-person services continue with modified protocols. The municipality, assisted by Orange Cyberdefense and France's national cybersecurity agency (ANSSI), is conducting diagnostics and securing systems but cannot yet determine if personal data was exfiltrated. A criminal complaint has been filed, with investigations led by specialized gendarmerie units, while residents are advised to remain vigilant against potential data exploitation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday, April 9, 2024, the Ville de Saint-Nazaire and Saint-Nazaire Agglomération suffered a large-scale cyberattack described as an unprecedented aggression against public services. The attack involved a crypto-virus resembling the 2021 incident affecting the City of Angers, though its exact origin remained unidentified. Initial diagnostic efforts and system security measures began immediately, with municipal staff shifting to manual processes using paper documentation and unaffected professional smartphones. Digital infrastructure including email systems, internal servers, and standard telephone lines remained offline, forcing service adaptations across both administrations. Physical public reception areas—including city hall, annex town halls, urban planning offices, childcare centers, the conservatory, and the Grand Café—stayed open to maintain citizen access despite operational disruptions. By Friday, April 12, authorities acknowledged the impossibility of determining the full scope of compromised data or confirming whether personal information was stolen, prompting public advisories about potential extortion attempts.
Response efforts involved collaboration with Orange Cyberdefense specialists and the French National Agency for Information Systems Security (ANSSI), who worked on-site to finalize diagnostics and secure systems. The municipalities filed a criminal complaint with the Paris prosecutor’s office, leading to an investigation by the Rennes gendarmerie’s specialized cyber unit, while the National Data Protection Authority (CNIL) was formally notified. Service impacts included suspended online request processing for urban planning permits, manual civil registry record-keeping with delays, halted library book loans and returns, and canceled Bibliobus routes. Critical social services like cash assistance, energy aid transfers, and emergency housing referrals faced interruptions, though food vouchers resumed distribution the following week. Emergency contact numbers were established for water, sanitation, road maintenance, childcare, and elder care services to manage urgent requests. Restoration timelines remained undefined, with authorities prioritizing gradual service resumption and daily website updates. The April 12 municipal council meeting proceeded without disruption but omitted its live YouTube broadcast due to technical constraints.