The France Ministry of Foreign Affairs explicitly accused the Gru de la Gru de Russia Agency on Tuesday of growing cyber attacks against a dozen entities, including ministries, defense signatures and Think Tanks since 2021 in an attempt to destabilize France.
The accusations, leveled in the Gru Apt28 unit, which the authorities said it was based on Rostov-on-Don in southern Russia, are not the first for a western power, but it is the first time that Paris blamed the Russian state for their own intelligence.
The Ministry said in a statement that APT28 attacks to France date back to 2015, when the TV5 Monde station was removed from the air in a trick claimed by alleged militants of the Islamic State.
France said APT28 had been behind the attack, and another in the 2017 presidential elections when the emails linked to the party and the campaign of the eventual winner, Emmanuel Macron, leaked and mixed with misinformation.
According to a report by the National Cybersecurity Agency of France (ANSSI), APT28 has tried to obtain strategic intelligence of entities in Europe and North America.
The authorities said the government had decided to make public to keep the public informed at a time of uncertainty in internal policy and about the Russian war in Ukraine.
The Russian embassy in Paris did not respond to a request for comments.
ANSSI said there was a jump last year in the number of attacks against French ministries, local administrations, defense companies, aerospace companies, Think Tanks and entities in the financial and economic sector.
They said that the most recent APT28 attack was in December, and that some 4,000 cyber attacks had been attributed to Russian actors in 2024, an increase of 15% in 2023.
“These destabilizing activities are unacceptable and unworthy of a permanent member of the United Nations Security Council,” said the Ministry of Foreign Affairs.
“Together with its partners, France is determined to use all means at your disposal to anticipate, deter and respond to Russia’s malicious behavior in cyberspace.”
APT28 has been active worldwide since at least 2004, mainly in the field of cyberiopionaje, says piracy experts.
In May 2024, Germany accused APT28 of launching cyber attacks against its defense and aerospace firms and ruling party, as well as objectives in other countries.
At that time, the Russian embassy in Berlin described the accusations “Another hostile step destined to encourage antirrusian feelings in Germany.”
