162/68 Thursday, May 1, 2025
France’s Ministry of Foreign Affairs issued a statement on Tuesday accusing APT28, a hacking group linked to Russia’s military intelligence agency (GRU), of carrying out cyberattacks on at least 12 organizations within France over the past four years. The ministry condemned the actions as “destabilizing and dishonorable behavior by a member of the United Nations Security Council,” and as violations of internationally recognized norms of state responsibility in cyberspace, which Russia itself has endorsed.
A report from France’s cybersecurity agency ANSSI revealed that APT28’s targets included government agencies, local administrations, the defense and aerospace industries, think tanks, and the financial sector. The group reportedly used low-cost techniques, such as free hosting services, VPNs, disposable email accounts, and rented servers to conduct phishing attacks and evade detection. Since early 2024, the group has increasingly focused on stealing strategic intelligence from France, Europe, Ukraine, and North America.
APT28, also known as Fancy Bear or Strontium, is a state-sponsored hacking group believed to be responsible for high-profile cyberattacks, including the 2015 breaches of the Democratic National Committee (DNC) and the German Bundestag. The group was indicted by the United States in 2018 and sanctioned by the European Union in 2020. NATO and its allies have jointly condemned APT28’s recent espionage campaigns, stating that Russia’s activities—including sabotage, disinformation, and cyber intrusions—pose a threat to the security of allied nations across the region.
