Cyber Incident Victim: Météo-France
Date: May 2016
Location: France
Summary
A hacker compromised France's national weather service website via an SQL injection vulnerability in its domain registrar OXYD's extranet, replacing its content with an anti-war message. The attacker, operating under the alias Amar^SHG, claimed the intrusion was intended to promote peace and stated no data theft occurred beyond the defacement, which was resolved within hours by the registrar. The individual also referenced prior unauthorized access to other high-profile targets including NASA and US military systems.
Description
On May 23, 2016, the Météo-France weather portal, France's most visited meteorological website, was defaced by an individual using the alias Amar^SHG (formerly known as Kuroi'SH). The attacker exploited an SQL injection vulnerability in the extranet system of OXYD, Météo-France's domain registrar, to gain administrative access. Amar^SHG subsequently replaced the website's content with an anti-war message advocating peace and philosophical reflections on societal imperfections. The defaced page displayed a 500-word statement criticizing war and human fallibility, emphasizing themes of acceptance and resilience despite global conflicts. The hacker claimed the intrusion was straightforward, stating, "I had access to everything," but asserted he did not exfiltrate any data from OXYD's systems. The defacement remained visible for a limited duration before mitigation efforts commenced.

OXYD, the registrar responsible for managing Météo-France's domain, responded promptly to the incident by identifying and resolving the SQL injection flaw. Full service restoration occurred within hours of the attack's discovery, minimizing operational disruption to the weather portal. The attacker's actions primarily affected the availability of Météo-France's public-facing website and its reputation, though no customer data compromise or secondary system breaches were reported. Amar^SHG publicly acknowledged the defacement in an interview with Softpedia, framing it as an ideological statement rather than a financially motivated attack. Historical claims by the hacker regarding prior intrusions into NASA's Kennedy Space Center, Canal+, and a US military domain (usuhs.mil) were unrelated to this incident and did not form part of the confirmed attack vector or impact scope. The event concluded without legal disclosures or follow-on actions documented in available sources.
