France accuses Russian intelligence of repeated cyber attacks since 2021

By John Irish

PARIS (Reuters) - France’s foreign ministry explicitly accused Russia’s GRU military intelligence agency on Tuesday of mounting cyber attacks on a dozen entities including ministries, defence firms and think tanks since 2021 in an attempt to destabilise France.

The accusations, levelled at GRU unit APT28, which officials said was based in Rostov-on-Don in southern Russia, are not the first by a Western power, but it is the first time Paris has blamed the Russian state on the basis of its own intelligence.

The ministry said in a statement that APT28’s attacks on France go as far back as 2015, when the station TV5 Monde was taken off air in a hack claimed by purported Islamic State militants.

France said APT28 had been behind the attack, and another in the 2017 presidential election when emails linked to the party and campaign of the eventual winner, Emmanuel Macron, were leaked and mixed with disinformation.

According to a report by France’s National Cybersecurity Agency (ANSSI), APT28 has sought to obtain strategic intelligence from entities across Europe and North America.

Officials said the government had decided to go public to keep the public informed at a time of uncertainty in domestic politics and over Russia’s war in Ukraine.

Russia’s embassy in Paris did not respond to a request for comment.

ANSSI said there had been a jump last year in the number of attacks on French ministries, local administrations, defence companies, aerospace firms, think tanks and entities in the financial and economic sector.

They said APT28’s most recent attack was in December, and that some 4,000 cyber attacks had been ascribed to Russian actors in 2024, an increase of 15% on 2023.

“These destabilising activities are unacceptable and unworthy of a permanent member of the United Nations Security Council,” the foreign ministry said.

“Alongside its partners, France is determined to use all means at its disposal to anticipate, deter and respond to Russia’s malicious behaviour in cyberspace.”

APT28 has been active worldwide since at least 2004, primarily in the field of cyberespionage, hacking experts say.

In May 2024, Germany accused APT28 of launching cyber attacks on its defence and aerospace firms and ruling party, as well as targets in other countries.

At the time, Russia’s embassy in Berlin called the accusations “another unfriendly step aimed at inciting anti-Russian sentiments in Germany”.

(Reporting by John Irish; Editing by Sudip Kar-Gupta and)
