Cyber Incident Victim: Crédit Agricole
Date:
Feb 2024
Location:
France
Summary
Crédit Agricole experienced a significant cyberattack disrupting its website and mobile banking application for several hours, attributed to a DDoS attack by the Turk Hack Team. The bank confirmed no compromise of its information systems or customer data, though service interruptions affected millions of clients. The hacker group, motivated by political opposition to French arms deliveries to Armenia, claimed responsibility and threatened further attacks on French infrastructure, aligning with their recent targeting of entities like La Poste and Belgian organizations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 7, 2024, Crédit Agricole’s French website and mobile banking application became inaccessible for several hours due to a cyberattack, disrupting services for its 25 million clients in France. Customers attempting to access the platforms encountered messages stating that “maintenance operations were underway,” though no prior warning had been issued. The outage generated widespread complaints on social media, with users reporting login failures and transaction disruptions. Crédit Agricole initially described the incident as a “technical issue” in responses to customer inquiries but later deleted these messages. By late afternoon, partial service restoration occurred for some users, though full recovery timelines were not specified. The bank confirmed to *Le Parisien* that the disruption resulted from a cyberattack deliberately targeting access to créditagricole.fr and the Ma Banque app, emphasizing no compromise of its information systems or client data had been detected. It issued public apologies for the “particularly disruptive” incident but did not detail technical mitigation steps beyond acknowledging the attack’s containment.
The attack was identified as a distributed denial-of-service (DDoS) campaign overwhelming servers with excessive traffic. Turk Hack Team, a Turkish nationalist hacking collective active since 2022, claimed responsibility via Telegram, vowing to intensify attacks against French banking infrastructure and systems. The group linked its actions to France’s military support for Armenia, referencing Paris’s October 2023 agreement to supply Armenia with unspecified defense equipment amid deteriorating Armenia-Russia relations. Turk Hack Team had previously targeted La Poste’s parcel-tracking and client services on February 6, 2024, and conducted attacks against Belgian entities and France’s ANSSI cybersecurity agency. Crédit Agricole’s incident mirrored these prior disruptions in methodology and political motivation, with the attackers explicitly framing their campaign as retaliation against French foreign policy decisions. No data theft or financial fraud was reported, and the bank’s communications focused solely on service restoration and client reassurance without disclosing operational or forensic details.