This April 29, 2025 could remain in the history of French geopolitics. It is indeed on this date that, for the first time, France officially attributed to a State, in this case Russia, several cyber attacks which targeted our country.
While digital technologies have been used for several decades to distance information handling operations, data flights, blocking or destruction of technical infrastructure, it is always difficult to identify the authors and sponsors with certainty. Unlike terrestrial military operations where, using satellites, the analysis of the distinctive signs of uniforms, the nature of the equipment used or even the staff arrested in the field, we can more easily determine the identity of the attacker.
Anxious not to launch accusations lightly, France has therefore always been very cautious in the public appointment of its digital attackers. The official press release from the Ministry of Europe and Foreign Affairs of April 29, 2025 taken up on network X by Minister Jean-Noël Barrot therefore marks a break.
With this publication, France quotes Russia as being at the origin of targeting or compromise of a dozen French entities since 2021. Indicating that these are public services, private companies, as well as a sports organization linked to the organization of the Olympic and Paralympic Games of Paris 2024.
The questioning even dates back to a decade, by designating the intelligence services of the Russian army, the GU, as responsible for the attempt to take control of the branch of the French -speaking TV5MONDE TV channel in 2015. Likewise, the French authorities claim that Moscow is at the origin of what we called the “Macron Leaks”, the exfiltration of the content of the internal messaging presidential election in 2017.
This first award of cyber attack campaigns is therefore an eminently political decision, which is based on technical elements.
This conclusion is the fruit of an expert work which is mainly united within 3 organizations: the Comcyber, which is the authority for cyberfense within the Ministry of Army, the ANSSI (National Agency for Information Systems Systems) which ensures the protection of state services and monitors the country’s critical infrastructures, and the DGSE, the external intelligence services which have cyber practice.
Obviously information is shared and overcome with allied countries, and compromise indices can also emanate from private companies that analyze cybermenace.
It is therefore a bundle of clues which is provided at the political level to allow it to graduate its response. This can range from the simple information of French decision-makers, to the transmission of discreet messages by diplomatic means to the opposing authorities concerned until the public display as is the case with this government position, by establishing it as being a hostile action in its own right. Even if, here, the Russian Embassy in Paris issued a denial on April 30.
In its official publication, France designates nebulae which has been active since at least 2004, under different titles (Fancy Bear, APT28, etc.). And the French Center for Response to Incidents (CERT-FR) of the National Cybersecurity Agency (ANSSI) insists at the end of April 2025 on the fact that their actions persisted in the context of the war of aggression triggered by Russia against Ukraine since February 24, 2022.
Of course, France is far from being the only one concerned since these attackers notably targeted in May 2024 the German Social Democratic Party (SPD) by the Chancellor at the time, Olaf Scholz, as well as large industrial groups across the Rhine. Washington had formalized in 2016 the Russian origin of intrusion in the mailbox of the campaign director of Hillary Clinton. And London had pointed to Moscow in 2018 for actions concerning Great Britain.
This decision to formalize the allocation of cyber attacks has several effects. First, it testifies to the expertise of the security services which were able to identify and then reassemble the production chain of cyberattacks. This also makes it possible to document protection devices and strengthen the technical knowledge of the operational staff in charge of cybersecurity.
Then, it is an opportunity to make pedagogy by explaining the risks to encourage companies, administrations and communities but also individuals and staff of these entities to appropriate digital security subjects.
Finally, this gives additional arguments within the framework of international discussions. As soon as one is no longer aware of its victim status and we can have elements to weigh more on the diplomatic scene in the face of interlocutors whose practices have been unmasked (who, on occasion, can also emanate from allies).
