Cyber Incident Victim: Département Eure

The cyberattacks against French regional entities, including the Département Eure, occurred across two days starting December 31, 2024, and continuing into January 1, 2025. On December 31, pro-Russian hacking group NoName057(016) targeted municipal websites of Nantes, Bordeaux, Poitiers, Pau, Nîmes, Nice, Angers, Le Havre, Montpellier, Tarbes, and Marseille, along with departmental portals for Landes, Haute-Garonne, Polynésie Française, and Nouvelle-Calédonie. The attacks escalated on January 1 with additional targets including the Centre-Val de Loire regional council, Hauts-de-France Chamber of Commerce and Industry, Montpellier city portal, and departmental sites for Eure and Aude. Energy cooperative Enercoop and the French Ministry of Justice were also impacted, with multiple sites remaining inaccessible through the afternoon of January 1. Attackers exclusively employed distributed denial-of-service (DDoS) techniques, overwhelming sites with traffic to force outages without compromising data systems.

Paris prosecutors opened an investigation on January 1 for organized obstruction of automated data systems, assigning the case to France's domestic intelligence agency (DGSI). Municipal authorities in Nice and Marseille confirmed plans to file formal complaints, with Nice Mayor Christian Estrosi confirming no data exfiltration occurred. NoName057(016) claimed responsibility via Telegram and X (formerly Twitter), framing the attacks as retaliation for France's support of Ukraine against Russia. The group, active since March 2022, referenced prior DDoS operations against France's National Assembly and Senate in 2023, along with campaigns targeting European, Canadian, Baltic, and Ukrainian institutions. Technical impacts were confined to temporary service disruptions, with no evidence of data theft or persistent network compromise across any affected entities.