Cyber Incident Victim: City of Caen
Date:
Sep 2022
Location:
France
Summary
The municipality of Caen experienced a cyberattack involving malware infiltration into its servers, prompting immediate disconnection from external networks to contain the threat. This led to widespread disruption of municipal services, including website inaccessibility and suspended civil registry operations, with recovery efforts expected to take several days. Specialized cybersecurity teams were engaged to assist in securing systems, marking the first such incident for the local government, which initiated legal proceedings in response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 26, 2022, at approximately 5:00 PM local time, the municipal systems of Caen, Normandy, experienced a cybersecurity incident when malicious software infiltrated the city's servers. The intrusion triggered an automated alert system, which promptly detected the viral activity. In immediate response, municipal authorities initiated a predefined security protocol that severed all external network connections to isolate critical systems and prevent further unauthorized access. Nathalie Bourhis, the city official overseeing Human Resources and Administration, confirmed these containment measures were activated within a short timeframe following the detection. This rapid disconnection from the internet formed the primary defensive action during the initial phase of the incident. Technical teams commenced an assessment to determine the attack's origin, methodology, and potential data compromise. No specific threat actor or motive was identified in initial reports. The incident marked the first recorded cyberattack against Caen's municipal infrastructure, prompting an official declaration of service disruptions across multiple civic functions.
The containment strategy resulted in widespread operational interruptions affecting public services managed by Caen and the broader Caen la Mer metropolitan area. Municipal websites became inaccessible, and the civil registry system—responsible for processing birth, marriage, and death records—was rendered inoperative. All scheduled appointments at the town hall were suspended indefinitely due to the server isolation. Authorities projected service disruptions would persist for multiple days while recovery efforts continued. On September 27, the municipality engaged a specialized cybersecurity firm to assist internal teams in securing networks, analyzing breach vectors, and restoring systems. Legal proceedings were initiated with the city's announcement of its intent to file a formal criminal complaint regarding the attack. No evidence of data exfiltration or ransomware demands was disclosed in initial public statements, though investigations into the attack's full scope remained ongoing at the time of reporting.