A simple but effective phishing method
The attack involved sending fraudulent messages via Telegram, a messaging application widely used by parliamentarians. These messages, often sent from already compromised accounts, invited recipients to click on a suspicious link. The message encouraged people to view supposedly urgent content, such as a photo or important information, and then asked to enter a phone number.
The hackers exploited a Telegram feature allowing the creation of integrated applications, thus giving an illusion of legitimacy. Once the information was provided, the attackers immediately took control of the accountsthus accessing all past conversations. This method, although classic, has proven to be devastating.
A well-executed phishing attack
The attackers began with take control of already existing Telegram accountsbelonging to trusted contacts of future victims. This allowed them to send fraudulent messages from these compromised accounts, making the attack credible. Once an account was compromised, the hackers sent personalized messages to the target's contacts, often with enticing or intriguing content. These messages included phrases like “You absolutely have to watch this!” » or “Here’s an important photo”followed by a clickable link. This link gave the impression of being legitimate since it was transmitted by a person known to the victim.
After clicking on the link, victims were redirected to a page imitating a built-in Telegram feature. This page asked people to enter sensitive information, such as their phone number and a login code sent by Telegram, under the guise of validating their identity. By entering this information, the victims unknowingly gave the attackers full access to their Telegram account. The latter not only made it possible to read all past conversations but also to send new malicious messages to other contacts, thus amplifying the scope of the attack.
Once the accounts were compromised by this phishing, the hackers could not only continue to trap other users but also use these accounts to spread malicious information or manipulate confidential data, thereby increasing the risks of disinformation or espionage. The ultimate objective of this attack remains uncertain, but the hackers could seek confidential information exchanged by MPs, particularly on strategic or political issues. Access to this data could be monetized or exploited for blackmail or manipulation purposes.
Potential consequences for national security
Information compromised by this phishing attack could include strategic communications between elected officials, sensitive discussions or even personal contact details. Such a breach could not only expose individuals but also compromise aspects of national security.
The National Assembly reacted by alerting its members, recommending that they change their passwords and activate double authentication. However, this response raises concerns about the proactive preparation of these institutions in the face of growing cyber threats. A deputy reported to Politico : « Elected officials from all political groups had to go to the digital counter for advice. »
State investments and initiatives in cybersecurity
Faced with such incidents, the question of public investment in cybersecurity comes to the fore. According to the latest government data, around 1 billion euros has been dedicated to the national cybersecurity strategycovering initiatives such as the creation of the National Information Systems Security Agency (ANSSI). However, the training of public officials remains a weak point.
Current programs include workshops on password management, recognizing phishing attempts and using multi-factor authentication. However, experts believe that this training should be strengthened and a more rigorous approach adopted to integrate cybersecurity into all levels of institutions.
Information – Strategic anticipation
