Cyber Incident Victim: Chambre de commerce et d'industrie des Hauts-de-France
Date:
Feb 2025
Location:
France
Summary
The Chambre de commerce et d'industrie des Hauts-de-France experienced a second pro-Russian cyberattack targeting its official website and two affiliated platforms, following an earlier incident weeks prior. The attack caused temporary morning service disruptions but resulted in no data loss, with systems self-recovering by late morning. The same hacker group claimed responsibility for both incidents, prompting the organization to file police reports and notify the national cybersecurity agency.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Chambre de commerce et d'industrie (CCI) des Hauts-de-France experienced two cyberattacks attributed to a pro-Russian hacker group within a five-week period in early 2025. The initial attack occurred during the overnight hours of January 31 to February 1, targeting the organization's primary website and two affiliated platforms (laho.fr and lesaides.fr). This was followed by a second attack on February 6, 2025, which began at approximately 6:00 AM and disrupted access to the same three websites. The hacking group publicly claimed responsibility for both incidents, identifying themselves as the same perpetrators in each case. During the February attack, website functionality was fully restored by late morning without manual intervention, as systems automatically resumed normal operations around 9:00 AM after three hours of downtime. No data breaches or unauthorized data exfiltration occurred in either incident according to official statements. The cyberattacks exclusively affected public-facing web services without reported impacts on internal systems or critical infrastructure.
The CCI implemented identical response protocols following both security incidents. Organization officials filed formal complaints with the French Gendarmerie to initiate criminal investigations into the attacks. Simultaneously, the CCI reported both events to France's National Cybersecurity Agency (ANSSI) in accordance with national incident reporting requirements. Technical recovery measures were not detailed publicly, though the February attack's resolution occurred through automated system restoration without external intervention. Operational disruptions were limited to temporary website unavailability during attack windows, with no extended service degradation or secondary impacts described. The repeated targeting by the same threat actor within weeks demonstrated an ongoing threat pattern against the organization's digital assets, though no additional vulnerabilities or subsequent attacks were disclosed beyond these two confirmed incidents.