Cyber Incident Victim: Syndicat Intercommunal dInformatique (SII)
Date:
Dec 2021
Location:
France
Summary
A ransomware attack by the Hive group targeted the Syndicat Intercommunal d’Informatique (SII), an IT service provider supporting multiple municipalities and public entities in Seine-Saint-Denis. The breach disrupted services for several client municipalities, including Tremblay-en-France, Le Blanc-Mesnil, and La Courneuve, as well as Bobigny’s public housing offices and the inter-municipal catering union Siresco. Operational impacts included prolonged website outages, with Siresco’s site remaining offline and Tremblay-en-France temporarily hosting a replacement site. The incident caused significant IT system compromises across the affected public services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On the night of December 5-6, 2021, the ransomware group Hive compromised the IT systems of the Syndicat Intercommunal d’Informatique (SII), an IT services provider based in Bobigny, France. The SII supported multiple municipalities within the Department of Seine-Saint-Denis in the Île-de-France region, including its host city of Bobigny (population 54,000). The attack impacted at least three additional municipalities: Tremblay-en-France, Le Blanc-Mesnil, and La Courneuve. Secondary victims included the Bobigny public housing offices and Siresco, an inter-municipal union managing collective catering services. Initial reports indicated unauthorized access to networked systems, though the specific intrusion vector remained unconfirmed.
The attack caused immediate operational disruptions across affected entities. Siresco’s primary website became inaccessible following the incident, while Tremblay-en-France’s official municipal site was replaced with a temporary platform hosted at tremblay-contact.fr. Public access to digital services was impaired, though the full scope of encrypted data or ransom demands was not disclosed in initial reporting. No restoration timelines or technical containment measures were detailed in available sources. The incident highlighted interdependencies within shared-service models, as a single provider compromise cascaded to multiple local governments and affiliated public service organizations.