Cyber Incident Victim: Chambre de commerce et d'industrie des Hauts-de-France
Date:
Jan 2025
Location:
France
Summary
A pro-Russian hacker group known as NoName057(016) conducted distributed denial-of-service (DDoS) attacks against multiple French entities, including the Chambre de commerce et d'industrie des Hauts-de-France, temporarily rendering targeted websites inaccessible. The attacks, claimed as retaliation for France's support of Ukraine, caused operational disruptions but did not involve data breaches or theft. Investigations were initiated by the Paris prosecutor's office and assigned to the DGSI for organized obstruction of automated data processing systems. The same group had previously targeted French parliamentary websites and other European institutions using similar methods.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between December 31, 2024, and January 1, 2025, pro-Russian hackers from the group NoName057(016) executed distributed denial-of-service (DDoS) attacks against multiple French regional governments, municipal portals, and commercial entities. Initial attacks on December 31 targeted the websites of Nantes, Bordeaux, Poitiers, Pau, Nîmes, Nice, Angers, Le Havre, Montpellier, Tarbes, and Marseille, alongside departmental portals for Landes, Haute-Garonne, Polynésie Française, and Nouvelle-Calédonie. On January 1, the campaign expanded to include the Conseil Régional of Centre-Val de Loire, the Chambre de commerce et d’industrie (CCI) des Hauts-de-France, Montpellier’s city portal, the departments of Eure and Aude, the French Ministry of Justice, and the energy cooperative Enercoop. These attacks overwhelmed targeted sites with artificial traffic, rendering them inaccessible for extended periods—with departmental portals and the Ministry of Justice site still offline by mid-afternoon on January 1.
NoName057(016) publicly claimed responsibility via social media platform X and Telegram, framing the attacks as retaliation for France’s support of Ukraine against Russia. The group described the DDoS strikes as "New Year’s gifts" to "France russophobe," aligning with their established pattern of disruptive operations against nations opposing Russian interests. Forensic analysis confirmed no evidence of data exfiltration or system infiltration, as DDoS tactics solely disrupt service availability. The Paris Prosecutor’s Office initiated an investigation for "entrave à un système de traitement automatisé de données en bande organisée" (organized obstruction of automated data systems), assigning the case to the Direction Générale de la Sécurité Intérieure (DGSI). Municipal leaders, including Nice Mayor Christian Estrosi and Marseille’s administration, confirmed intent to file formal complaints, citing operational disruptions but no data compromise. NoName057(016)’s historical activity—including 2023 DDoS attacks against France’s National Assembly and Senate—demonstrated their recurring focus on French critical infrastructure amid geopolitical tensions.