Cyber Incident Victim: Saint-Nazaire Agglomération
Date:
Apr 2024
Location:
France
Summary
A cyberattack targeted a French municipality and its intercommunal authority, disrupting digital systems and forcing operational adjustments. The incident involved a crypto-virus, prompting emergency measures including manual processing of civil records, temporary suspension of online services like urbanism requests and library loans, and alternative phone channels for urgent water, sanitation, and social services. While critical public acces points remained open, impacts included delayed administrative procedures, halted digital payments for social aid, and restricted new service bookings. Forensic analysis with Orange Cyberdefense and ANSSI specialists is ongoing to secure systems, with no confirmed data exfiltration. Authorities filed a criminal complaint and notified the CNIL.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Tuesday, April 9, 2024, a cyberattack targeted both the City of Saint-Nazaire and Saint-Nazaire Agglomération, disrupting municipal operations. The attack, described as unprecedented in scale and resembling the 2021 crypto-virus incident affecting Angers, prompted immediate activation of crisis protocols. Diagnostic work and system security measures began that day and continued through the following week, with municipal staff shifting to manual processes using paper records and unaffected smartphones. Public-facing services remained operational but required significant adaptations, including temporary phone numbers for urgent water, sanitation, road maintenance, and social services. By Friday, April 12, authorities confirmed they could not yet determine the attack’s full scope or verify whether personal data had been stolen, though they warned residents and employees to remain vigilant against potential information extortion attempts. Critical infrastructure such as school meal programs continued unaffected for three weeks, while birth/death registrations proceeded manually at city hall with delays.
The attack paralyzed digital systems including email servers, internal networks, and standard phone lines, forcing service modifications across multiple departments. The Communal Center for Social Action (CCAS) resumed limited food voucher distribution but suspended cash assistance, energy aid payments, and emergency housing referrals, directing citizens to physical offices for support. Urban planning departments accepted permit applications only in paper format, while library systems halted book lending and returns entirely. Event reservations at cultural venues like the Grand Café and Conservatory required in-person transactions, with new bookings unavailable. Forensic specialists from Orange Cyberdefense and France’s National Cybersecurity Agency (ANSSI) assisted local IT teams in securing systems and assessing damage across nine affiliated communes. Authorities filed formal complaints with Paris prosecutors and the National Data Protection Authority (CNIL), with the Gendarmerie’s specialized cyber unit in Rennes leading the investigation. Municipal council meetings proceeded as scheduled on April 12 without live streaming, reflecting ongoing technical constraints. No timeline existed for full service restoration as of April 12, with officials emphasizing gradual recovery efforts and daily website updates to inform residents.