Cyber Incident Victim: Conseil régional de la Guadeloupe

Date: Feb 2024

Location: France

Summary

The Conseil régional de la Guadeloupe was the victim of a cyberattack attributed to the pro-Russian hacker group NoName057. The group's primary tactic was a DDoS attack, which rendered the regional website unavailable for approximately 25 hours. The attack was motivated by the victim's country's support for Ukraine; countries supporting Ukraine are a common target for the group, which focuses on government sites and critical infrastructure. The collectivity chose not to communicate publicly during the incident, to avoid giving a platform to the hackers' motivations and to discourage this form of hacktivism. The website's functionality was successfully restored following the attack period.

Description

On or around February 14, 2024, the Conseil régional de la Guadeloupe became the target of a cyberattack that rendered its official website inaccessible. The attack was claimed by a pro-Russian, Russian-speaking hacktivist group known as "NoName057". This group is recognized for conducting distributed denial-of-service (DDoS) attacks primarily against nations providing support to Ukraine, with a particular focus on critical operators such as government websites, banks, and energy suppliers. The specific motivation behind targeting the Guadeloupe regional council was not explicitly stated by the attackers in the available reporting, but it aligns with the group's broader pattern of targeting entities in countries opposed to Russian interests. The council's website experienced a total downtime period of 25 hours, beginning at 1:15 AM on Wednesday, February 14th, and lasting until 2:10 AM on Thursday, February 15th, after which service was restored by 2:15 AM that same morning.

In response to the incident, the regional council made a deliberate decision to initially withhold public announcement of the attack. This strategy was employed specifically to avoid lending any media platform or credibility to the hackers' motivations and to discourage this form of hacktivism by denying it the publicity it often seeks. The modus operandi of the NoName057 group is described as being divided into three distinct phases: disinformation, aimed at spreading rumors concerning the war in Ukraine; intimidation, through repeated attacks on the same target; and chaos, executed via multiple DDoS attacks ahead of major events in targeted countries. While the group's tactics were disruptive, there was no indication in the provided information that data was exfiltrated or that ransomware was deployed in this specific incident. The attack was characterized as a DDoS operation, which overloads websites with traffic to force them offline, rather than an intrusion into internal networks or data systems. The restoration of the website concluded the immediate incident, with the council's proactive silence serving as its primary public response strategy.
