Cyber Incident Victim: Sénat

On the morning of Friday, May 5, 2023, public access to the official website of the French Sénat became impossible. The institution first acknowledged the disruption via a post on its official Twitter account, stating, “l'accès au site Internet du Sénat est perturbé […], notre équipe est pleinement mobilisée pour remédier aux dysfonctionnements.” The tweet, posted during the morning hours, also included an apology for the inconvenience caused. This public notification was the first official recognition of an ongoing incident. Shortly after, at approximately 10:20 AM, the pro-Russian hacker collective known as NoName claimed responsibility for the attack on their publicly accessible Telegram channel. The group posted a message in both Russian and English to announce their involvement.

The attack was identified by cybersecurity experts as a distributed denial-of-service (DDoS) attack. Nicolas Hernandez, an expert in cybersecurity and president of the company Aleph Networks, provided analysis, stating, “Il s'agit visiblement d'une attaque par déni de service, en submergeant le site de requêtes.” This technique involves overwhelming a target website with a flood of internet traffic, rendering it unable to function and serve legitimate users. The motive for the attack was explicitly political. In their Telegram message, the NoName collective cited recent French support for Ukraine as the direct reason for targeting the Sénat. They referenced reading in the press that France was working with Ukraine on a new aid plan that could include weapons, as well as statements from the French Minister of Foreign Affairs, Catherine Colonna. The message concluded with the group stating, “nous avons bloqué le site du Sénat français.”

This incident was not an isolated event but part of a broader campaign by pro-Russian hacktivist groups against French institutions. The article notes that just a month and a half prior, in late March 2023, the website of the Assemblée Nationale (the French National Assembly) had been blocked for several hours in an attack also claimed by the NoName collective. The stated motive for that earlier attack was identical: a response to France's support for Ukraine. The context of these attacks was further expanded by referencing Nicolas Quintin, chief analyst of the threat analysis team at Thales, who had explained in late March that NoName was one of approximately 80 pro-Russian hacker collectives targeting institutions in countries supporting Ukraine, with a particular focus on Western European nations. France was described as one of their regular targets, having experienced several such attacks in recent months.

The impact of the attack was the complete unavailability of the Sénat's public-facing website for an undetermined period during the day. The response action from the Sénat itself was limited to the public communication on Twitter and the mobilization of its technical team to remediate the malfunctions. There was no detailed public statement from the Sénat providing further technical specifics about the attack vector, the scale of the traffic, or the exact time of restoration. The article does not report any data breach, exfiltration of sensitive information, or defacement of the website; the impact was solely on availability through a temporary blockade.

The incident occurred within a wider pattern of attacks against French digital infrastructure by these groups. Just two days prior, on Wednesday, May 3, 2023, the websites of several French town halls were attacked by Russian “hacktivists.” In that separate incident, the hackers targeted Abtel, an IT services company based in Nîmes, which hosted the websites for multiple municipalities, including Bry-sur-Marne in Val-de-Marne, Juziers in Yvelines, and Ambérieu-en-Bugey in the Ain department. The attack on the town halls had a different character, involving a defacement rather than just a blockade. The prefecture of Val-de-Marne explained that the hackers had disseminated propaganda messages in Cyrillic on the website of Bry-sur-Marne, which translated to “Respect Russia! Otherwise we will continue to make war on you.” These collectives were described as having proliferated since the Russian invasion of Ukraine and were noted for acting without seeking financial ransom, distinguishing them from traditional cybercriminals and aligning their actions with political motives. The attack on the Sénat was therefore a continuation of a sustained campaign against French public sector websites, with tactics varying between DDoS and website defacement based on the target. The primary consequence was a temporary disruption of public digital services and the dissemination of pro-Russian political messages, aimed at causing inconvenience and generating propaganda value rather than achieving financial gain or stealing data.