Cyber Incident Victim: Aéroport de Clermont-Ferrand-Auvergne

OnWednesday 19 March 2025, the website of Clermont-Ferrand Auvergne airport was hit by a cyberattack that began in the evening and lasted less than two minutes, according to the airport’s own statement. The attack was identified as a distributed denial-of-service (DDoS) incident in which the site was flooded with malicious traffic, causing it to become temporarily unavailable. The airport emphasized that the disruption did not affect its operational systems or flight operations. After the malicious traffic subsided, the site was restored to normal availability. The incident was reported in the local press on 21 March 2025 by Adrien Fillon for La Montagne.

Early awareness of the attack came from a post on X (formerly Twitter) that displayed a screenshot of the defaced webpage bearing an inscription in Russian that read "Aéroport français de Clermont-Ferrand-bye bye." The article notes that the post was likely shared on an encrypted messaging service after it disappeared from X. When contacted, the airport confirmed the interruption of service and attributed the act to a hacker or group known as "Diplomat." The airport added that it had no further information about the identity or location of the attackers. The statement also noted that the website benefits from continuous surveillance and protection provided by an external hosting provider. According to the article, Diplomat had formed alliances with other hacker groups in mid-March and has recently targeted organizations in Spain, Germany, France, Italy, Japan, and Ukraine. Despite the brief outage, the airport reported that the website functioned as before after the attack and that no lasting impact on airport services was observed. The piece concludes by noting that questions remain regarding the attackers’ motives, their number, and any potential future actions, as no additional details have been disclosed.