French government hit by cyberattack - Interior Ministry confirms email systems hit

News
By published

The hackers and their motives remain a mystery

View on National Assembly building in Paris, France, with French and European flags flying.
(Image credit: legna69/ via Getty Images)
  • French Interior Ministry hacked, exposing email servers and internal files
  • The extent of any data theft still unknown
  • APT28 suspected, due to past targeting of French government entities

The French Interior Ministry has confirmed recently suffering a cyberattack, but the consequences are still being determined.

The French Minister of Interior said the attack took place at night, between December 11 and December 12. Email servers were compromised, allowing threat actors to access some document files. However, it is currently unclear if they managed to steal anything and if so - what exactly.

"There was indeed a cyberattack. An attacker was able to access a number of files. So we implemented the usual protection procedures," Interior Minister Laurent Nuñez told local radio station RTL Radio. "It could be foreign interference, it could be people who want to challenge the authorities and show that they are capable of accessing systems, and it could also be cybercrime. At this point, we don't know what it is."

Was it the Russians?

Other than that, details are scarce, as it isn't known exactly who was responsible, or what they were looking for.

Initial reports speculate the attack might have been the work of APT28, an advanced persistent threat actor linked to Russia's Military Intelligence Service (GRU). Also known as Fancy Bear or Forest Blizzard, APT28 has been attributed to many high-profile cyber-espionage campaigns throughout the West.

For example, a recent report from the French National Agency for the Security of Information Systems (ANSSI), APT28 usually targets government agencies, research firms, think-tanks, and businesses in the French Defence Technological and Industrial Base.

They also target aerospace organizations, and other firms in finance and economy. For years, APT28 was targeting Roundcube email servers as well, harvesting vital data from governments and diplomats across North America and Europe.

In July 2025, the UK National Cyber Security Centre (NCSC) warned about APT28 targeting Microsoft 365 accounts with specialized malware called Authentic Antics.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.