Cyber Incident Victim: Conseil de l'emploi, des revenus et de la cohésion sociale
Date:
Apr 2024
Location:
France
Summary
A French government website for employment and social cohesion was compromised by Turkish hackers affiliated with Turkic Hackers Rulez, who defaced the site with messages protesting France's characterization of the ultranationalist Grey Wolves group as terrorists. The attackers displayed the Grey Wolves' logo and criticized perceived double standards regarding Turkic minorities, demanding non-assimilation and solidarity with Uighurs in China. This incident follows previous cyberattacks against French entities by Turkish-linked actors, including temporary disruptions to major financial institutions. The defacement persisted for several hours, echoing the Grey Wolves' prior activities in France, which included vandalism and political violence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On April 7, 2024, the French government website of the Conseil de l'emploi, des revenus et de la cohésion sociale (CERC) was compromised by hackers identifying themselves as "OPJ" and "M3T4L" from the group "Turkic Hackers Rulez." Visitors attempting to access the site were redirected to a defacement message accusing France of labeling the attackers as terrorists and referencing the ultranationalist Turkish group "Loups gris" (Grey Wolves). The message explicitly warned, "If you want to make war against the Grey Wolves, we will not stop our attacks on your government sites," while criticizing French policies toward Turkish identity. A Grey Wolves logo accompanied the text, confirming the attackers' claimed affiliation with this paramilitary organization linked to Turkey’s Nationalist Movement Party (MHP). By 5:00 PM on the same day, the hackers updated the defacement with additional rhetoric condemning Turks who "boycott Palestine" but fail to support Uyghurs in China, reinforcing their ultranationalist ideology. The attack remained active at the time of reporting, with no publicized restoration timeline for the CERC site.
The Grey Wolves, founded in 1968, had prior involvement in France, including vandalizing Armenian genocide memorials in Décines (Rhône) in November 2020, leading to the group’s dissolution by French authorities in April 2021. During Turkey’s 2023 presidential elections, former Grey Wolves members also assaulted anti-Erdogan activists in France. This cyberattack aligns with a pattern of Turkish-linked operations targeting French entities, including February 6–7, 2024, incidents disrupting La Poste and Crédit Agricole’s websites and applications for several hours. The CERC breach underscores persistent tensions between French institutions and Turkish nationalist factions, with immediate operational impacts restricting public access to a government resource. No technical details about the attack vector, data compromise, or formal response from CERC officials were disclosed in available reporting.