August 3, 2021

China in the sights of France in the context of a “virulent” cyberattack

France is currently the subject of a major cyberattack and, in a relatively unprecedented manner, the French authorities decided, Wednesday, July 21, to designate a foreign power head-on, indicating that they had identified a modus operandi attributable to a a group of hackers traditionally affiliated with China. An approach assumed by the director general of the National Agency for the security of information systems (Anssi), Guillaume Poupard in person, Wednesday, at the end of the morning.

While Paris is usually very remote from this type of public denunciation – against the backdrop of the United States, in particular – the announcement of this cyberattack was made in an atypical way through a post by Mr. Poupard on his LinkedIn account. A post where he considers this attack as “Much more serious than the winged donkeys and their avatars”, in a thinly veiled reference to the Pegasus affair, and refers to a statement from the Governmental Center for Monitoring, Alert and Response to Computer Attacks (CERT), as is customary.

Entitled “APT31 modus operandi attack campaign targeting France”, this press release dated Wednesday indicates that“A vast campaign of compromise affecting many French entities” is ” In progress “. “Particularly virulent”, it is driven by “The APT31 operating mode”, is it specified. The word “China” is not written there as such, but cyber specialists consider APT31 (for « Advanced Persistent Threat ») as a group of hackers working from this country, generally on behalf of the Chinese state, and often for purposes of espionage or theft of intellectual property.

Article reserved for our subscribers Read also Tensions between the United States, Russia and China after two major cyberattacks

The targets of this cyberattack have not been specified at this stage by Anssi. But it is their importance, as well as the scale and gravity of the attack that would have prompted such communication. According to the investigations carried out by the specialists of the agency, the hackers would have compromised routers “To use them as an anonymization relay, prior to carrying out reconnaissance and attack actions”. Research is underway to establish whether or not these actions have resulted in real compromises, since the start of 2021.

Investigations regularly opened in France

According to our information, this cyberattack is different from the one that occurred in early March against the Microsoft Exchange messaging service, which affected tens of thousands of American organizations and servers around the world. In a coordinated warning, the United States, the European Union (EU), the United Kingdom, Australia, New Zealand, Canada, Japan, as well as NATO, have each to their manner, officially attributed, on July 19, this attack to China, although this one denied any implication. An attack in which the APT31 and APT40 groups were considered to be the main perpetrators.

You have 58.52% of this article left to read. The rest is for subscribers only.