The Bank of France has been at the heart of intense speculation since a group of hackers, Near2tlg, claimed responsibility for a major cyberattack. According to these hackers, sensitive data was stolen, including personal and strategic information. Faced with these assertions, the institution denies any data theft, while recognizing a minor breach in one of its ancillary systems.
The official version: limited access to an HR extranet
The Banque de France wanted to clarify the situation through an official communication. According to her, there was “no attack on the secure information system”. However, the organization recognizes a occasional exterior access to an extranet dedicated to human resources. This access, described as non-critical, would have been detected and blocked quickly.
Despite these reassuring claims, hackers claim the opposite. They claim to have harvested detailed employee information, including salaries, addresses and positions, as well as data relating to Bank customers.
Sensitive data for sale on criminal forums
The hackers would have put the stolen data for sale on specialized platforms such as BreachForums et Telegram for the sum of 10,000 dollars, after a first attempt at selling for 50,000 dollars. To support their claims, they released a sample of information. This sample would contain in particular a internal presentation describing the Bank's strategic ambitions for 2020.
According to experts, the documents put forward by the hackers do not seem particularly critical. However, the reputation of Near2tlg, known for successful attacks, calls for caution.
A collective of pirates with a worrying history
The Near2tlg group is not unknown in the field of cybercrime. Since his recent appearance, he has claimed responsibility for several high-profile attacks. Among its victims are major actors like SFR, The Pointor even a hospital in Île-de-France, where he allegedly exfiltrated the medical files of 750 000 patients.
These cybercriminals are distinguished by their ability to exploit vulnerabilities in computer systems and their well-orchestrated communication. On Telegram, they continue to tout their loot to attract potential buyers.
A case that highlights cybersecurity issues
This case highlights the urgency of strengthening security protocols for public and financial institutions. Although the Bank of France downplayed the incident, cyberattacks targeting critical infrastructure are increasing. The consequences of such intrusions can go far beyond data loss, threatening economic stability and public trust.
As speculation continues, one question remains: are the hackers bluffing to sell non-sensitive information, or is the Bank of France hiding the extent of the damage? The answer could influence future strategies to combat cybercrime.