Cyber Incident Victim: Compagnie d'aménagement des coteaux de Gascogne
Date:
Dec 2023
Location:
France
Summary
The Compagnie d’Aménagement des Coteaux de Gascogne experienced a ransomware attack that compromised its information systems, rendering them inoperable despite existing security measures. The company isolated its networks to contain the intrusion, activated a crisis unit, and engaged cybersecurity experts to investigate and restore services while collaborating with authorities. Operational disruptions included halted email communications, server access, and business software functionality. While infrastructure security remained unaffected, potential extraction of personal data could not be ruled out. The organization advised vigilance against fraudulent communications and maintained ongoing transparency regarding data protection efforts amid recovery operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 10, 2023, the Compagnie d’Aménagement des Coteaux de Gascogne (CACG) experienced a cyber intrusion that disabled its information systems despite existing security measures. The attack rendered critical infrastructure inoperable, prompting immediate isolation of all corporate networks to contain the threat. CACG activated a crisis management unit within hours, notifying relevant authorities and filing a formal legal complaint. Internal IT teams, supported by external cybersecurity experts, initiated forensic investigations to determine the attack’s scope and began secure restoration efforts. Operational disruptions included suspended email communications, blocked server access, and disabled business application software. The company confirmed the incident as a ransomware attack but assured stakeholders that physical infrastructure security—including water management installations like the Arrêt-Darré facility in Hautes-Pyrénées—remained unaffected. Continuity protocols prioritized maintaining essential services while recovery work progressed.
Investigations revealed potential unauthorized extraction of personal data, though no conclusive evidence confirmed data exfiltration. CACG issued public advisories warning partners and clients to scrutinize suspicious calls, emails, or requests for sensitive information such as banking details or passwords, emphasizing that legitimate communications would never solicit such data. The company established a dedicated email channel ([email protected]) for data protection inquiries and maintained telephone availability via standard contact numbers. The incident aligned with a surge in cyberattacks against French entities like Derichebourg and Coaxis, though attribution remained unconfirmed. CACG committed to ongoing transparency through regular updates while focusing on system restoration and operational normalization. Restoration timelines were unspecified, with residual impacts on digital workflows persisting throughout the response phase.