Cyber Incident Victim: Ville d'Annecy
Date:
Oct 2023
Location:
France
Summary
The Ville d'Annecy experienced a suspected cyber intrusion attempt detected by national cybersecurity authorities, prompting immediate preventive measures that successfully blocked the attack before system-wide propagation. Service disruptions occurred, including temporary inaccessibility of family portals, library systems, and urbanism platforms, alongside public internet suspension in municipal facilities. Staff heightened email vigilance and suspended external storage device usage as investigations into the intrusion vector and origin continued with national support. This incident follows a prior significant cyberattack on the city, after which enhanced security protocols and protective tools had been implemented to mitigate such risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the night of October 25-26, 2023, the Agence Nationale de Sécurité des Systèmes d’Information (ANSSI) alerted Ville d’Annecy to a potential intrusion targeting its information systems. The city’s IT teams immediately implemented protective measures and initiated system-wide analyses to detect malicious activity. Their security systems successfully blocked the intrusion attempt before it could propagate through the network, preventing widespread compromise. By the morning of October 26, the city’s website displayed a public notice acknowledging an ongoing IT incident disrupting access to certain administrative services, including family portals, library systems, and urban planning platforms. Physical municipal offices remained operational, though digital service interruptions persisted. Preliminary assessments indicated a suspected server intrusion, though investigators had not yet confirmed the attack vector or origin.
The city enacted additional preventive measures, including a planned internet shutdown from October 31 at 17:30 until November 2 at 08:00 to facilitate forensic analysis and system hardening. This disruption extended service limitations for library networks, temporarily halting loans, returns, and registrations at branch locations in Annecy-le-Vieux, Pringy, Metz Tessy, and four other communes, though main libraries maintained limited physical services. External USB drives and hard disks were banned across municipal operations as a precaution, while employees received directives to avoid opening emails or attachments originating from city accounts. ANSSI collaborated with local teams to investigate the incident, with early speculation from regional media suggesting possible ransomware involvement based on the attack’s characteristics and the city’s prior experience with a significant 2021 cyberattack. Full restoration of online services was anticipated by November 2, with ongoing efforts to minimize public inconvenience through incremental recovery measures.