Cyber Incident Victim: Département des Alpes-Maritimes
Date:
Nov 2022
Location:
France
Summary
The Département des Alpes-Maritimes experienced a cyberattack targeting its IT infrastructure, initially mistaken for a technical malfunction before being identified as malicious. Technical teams disconnected all networks to isolate systems and protect data, while filing a formal complaint and notifying the national data protection authority. Crisis response experts from the department's Digital Services Directorate, supported by Orange Cyberdefense and the national cybersecurity agency, contained the attack to prevent further spread. Preliminary assessments indicated no data compromise and confirmed protection of critical business applications. Despite network disruptions, public services remained operational throughout the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of November 10, 2022, the IT infrastructure of the Département des Alpes-Maritimes in Nice experienced a disruptive event initially perceived as a technical malfunction. By mid-morning, indications emerged that the incident constituted a deliberate cyberattack targeting the department's administrative center, which housed critical functions including the Conseil Départemental and numerous administrative services. The attack propagated across the entirety of the department's computer networks, prompting technical teams to deliberately disconnect all affected systems to contain the threat and safeguard data integrity. This containment measure aimed to isolate the compromised infrastructure and prevent further propagation of malicious activity. Concurrently, the department formally reported the incident to law enforcement by filing a police complaint on November 10 and notified France's data protection authority, the CNIL, in compliance with regulatory obligations.
The department's Digital Services Directorate (DSN) activated a crisis management unit immediately following detection, collaborating with external cybersecurity partners Orange Cyberdefense and France's National Agency for the Security of Information Systems (ANSSI) to analyze and mitigate the attack. By 19:00 on November 10, preliminary assessments indicated the containment measures had prevented unauthorized data exfiltration, with no evidence suggesting compromise of departmental data or critical business applications. Diagnostic efforts to fully evaluate the attack's scope and origin remained ongoing, though the rapid network isolation was credited with limiting operational disruption. Despite the network shutdowns, all public services and departmental functions maintained operational continuity through alternative procedures. Administrative operations at the CADAM center continued without interruption, underscoring the response's effectiveness in preserving essential services while forensic investigations proceeded.