
Cyber Incident Victim: Parisian court system

Date: Sep 2020

Location: France

Summary

The Parisian court system experienced a cybersecurity incident involving Emotet malware infections delivered via malicious email attachments, including Word documents and password-protected ZIP files. Attackers hijacked legitimate email threads to distribute these files, leading to compromised systems within the network. The incident prompted emergency measures by French authorities, including blocking email delivery of Office documents and issuing a national cybersecurity alert. Emotet's capabilities for lateral network spread and potential secondary malware downloads heightened risks of broader compromise.


Description

In early September 2020, the Paris court system experienced a significant cybersecurity incident involving the Emotet malware. The attack occurred amid a global surge in Emotet activity that prompted warnings from cybersecurity agencies in France, Japan, and New Zealand. Emotet operators employed their characteristic tactic of compromising email accounts to steal legitimate email threads, which were then repurposed to distribute malicious attachments. Specifically targeting French government entities, attackers appended Microsoft Word documents (.doc) and password-protected ZIP archives to these hijacked email conversations. When recipients opened these attachments—often motivated by the apparent legitimacy of ongoing discussions—their systems became infected. The malware's infiltration of the Paris court network prompted immediate concern among French officials, leading to public acknowledgment of the breach and emergency response measures.

The incident triggered a state of emergency within French government operations. The French Interior Ministry implemented a network-wide block on all Office documents transmitted via email to prevent further infections. France's national cybersecurity agency, ANSSI, issued an official alert on September 7, 2020, urging heightened vigilance across government agencies regarding email attachments. Security researchers noted that while France experienced lower overall Emotet spam volumes compared to Japan and New Zealand during this period, the Paris court infection demonstrated the malware's severe operational impact when successful. The response involved taking affected systems offline to contain lateral movement across networks, as Emotet's design enables it to spread internally and deploy secondary payloads like ransomware. Forensic analysis confirmed the attackers leveraged Emotet's established infection chain, consistent with campaigns observed in other nations during the same timeframe.
