Cyber Incident Victim: La Poste
Date:
Dec 2025
Location:
France
Summary
A distributed denial-of-service attack disrupted the information systems of France’s national postal service, rendering its website, mobile app, digital document services, and online banking platform inaccessible, though in-person transactions remained operational. The incident impaired package tracking and digital payment processing during a peak delivery period, while postal workers were unable to access internal systems, though physical mail delivery continued unaffected. The attack prompted an investigation by French intelligence authorities after a pro-Russian hacking group claimed responsibility, though no other actors were confirmed. The disruption coincided with other recent cybersecurity incidents involving French government entities, though no direct link between them has been established.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On Monday, December 21, 2025, France’s national postal service, La Poste, experienced a major network incident that disrupted its digital infrastructure and severely impacted operations during the peak holiday shipping season. The company confirmed that a distributed denial-of-service (DDoS) attack rendered its online services inaccessible, affecting the laposte.fr website, the digital document service Digiposte, the mobile application, and the online banking platform operated by its subsidiary, La Banque Postale. Customers were unable to track packages, conduct online payments, or access digital ID services, though in-person transactions at post offices remained functional. The disruption lasted more than twelve hours, with services still not fully restored by Wednesday morning, according to company statements and media reports. The attack coincided with the busiest period of the year, as La Poste anticipated handling nearly 180 million parcels between November and December, and had delivered 2.6 billion packages in the prior year. Postal workers faced frustrated customers unable to complete essential transactions, and the inability to access internal computer systems hindered logistics coordination. La Banque Postale redirected payment approvals to SMS verification as a temporary workaround, but the outage still impeded financial services for millions of users. The incident occurred just three days before Christmas, compounding the operational strain on an already overburdened system. While letters and physical mail delivery continued unaffected, the digital backbone of the organization—critical for modern parcel tracking and payment processing—was effectively paralyzed.
French authorities quickly escalated the response, with Paris prosecutors initiating an investigation and the national intelligence agency, DGSI, assuming control after the cybercrime group Noname057 claimed responsibility for the attack. The group, previously linked to other cyber operations targeting NATO events and French government sites, had been the subject of a major European police operation earlier in the year. Although initial speculation among post office staff and media outlets considered possible motives ranging from disgruntled insiders to Russian state involvement, the official attribution shifted to Noname057 following its public claim. French officials noted the attack’s timing amid a broader pattern of cyber incidents targeting the nation, including a separate breach of the Interior Ministry’s email servers that resulted in the theft of police records and wanted persons data, and the discovery of remote-control malware on an international passenger ferry, leading to the arrest of a Latvian crew member suspected of acting for an unidentified foreign power. The Interior Ministry breach, which occurred the prior week, had already prompted public concern over France’s cybersecurity posture, and the La Poste attack further intensified scrutiny of critical infrastructure vulnerabilities. La Poste emphasized that customer data was not compromised in the DDoS incident, and the company’s statement stressed that the disruption was limited to service availability rather than data integrity or theft. Despite the scale of the outage, no physical damage to infrastructure or long-term system corruption was reported. The company’s public communications, including social media posts and official statements, focused on mobilizing technical teams to restore services and reassuring customers that core postal functions remained operational. The French government, already grappling with allegations of Russian hybrid warfare targeting Western institutions, framed the incident within a broader context of hostile cyber activity aimed at destabilizing societal functions during sensitive periods. No further claims of responsibility emerged beyond Noname057, and no additional actors were publicly identified by authorities. The incident underscored the vulnerability of essential public services to coordinated cyber disruption, particularly during high-demand periods, without altering the fundamental capacity of physical mail delivery.