Anonymous Sudan, a Russian-speaking hacktivist group, has claimed the severe distributed denial of service (DDoS) attacks that disrupted several French government services on Monday.
In a statement issued on Monday, Prime Minister Gabriel Attalâs office confirmed that a series of DDoS attacks started on Sunday night, hitting multiple government ministry websites.
âWe have conducted a massive cyberattack on the infrastructure of the French Interministerial Directorate of Digital affairs (DINUM),â said Anonymous Sudan in an official Telegram channel run by the group. âThe damage will be widespread as core digital government endpoints have been hit and the French knows the details very well.â
In addition to the DINUM, the group confirmed in the post that the attacks also impacted other French ministries and government organizations including the Directorate General of Civil Aviation, Ministry of Health and Social Affairs, National Geographic Institute, Ministry of Economy, Finance and Industrial and Digital Sovereignty, and Ministry of Ecological Transition and Territorial Cohesion.
The French Prime Ministerâs office told local media that a crisis unit had been set up Sunday evening to deploy counter-measures. By Monday, the impact of the attacks had been reduced and access to government websites re-established, it said.
Anonymous Sudan, however, claimed that as of Tuesday, the attack was still in full swing. âItâs been over 24 hours and the âcyber crisis team they deployed proved useless,â the group added in a Telegram post made on Tuesday. âThe attack is still ongoing and weâre chilling while their systems burn.â
Although neither the hacktivist group nor the French government have issued any statement on the motive of these attacks, experts have been linking the attack to Franceâs pro-Ukraine position on the Ukraine-Russia conflict.
At a recent meeting convening several European leaders, French President Emmanuel Macron suggested a united European effort to resist Russiaâs illegal military advances within Ukraine, which did not rule out sending troops to fight alongside the Ukrainian military.
If proven valid, this wonât be Anonymous Sudanâs first nation-state attack as it is known to have acted previously in accordance with pro-Islamist sentiments. In October 2023, the group intervened in the ongoing Israel-Hamas conflict and attacked Israelâs air defense system, Iron Dome.
Earlier last week, the group also claimed attacks on Egyptian, Bahranian, and Israeli telecommunication systems with a recently acquired DDoS toolkit. Bahrain had reportedly entered a deal with the group within 48 hours of the attack.
While attacks on Bahrain and Egypt were carried out as a mere show of power, the one on Israel was to display the groupâs continued pro-Palestinian position. âAttacks against Israel will continue as they (Israel) continue their genocide campaign on Gaza,â the group had said on March 7, after attacking Israelâs Partner Communications Company.
The group confirmed they carried out the attacks using the partnered DDoS infrastructure, InfraShutdown. Anonymous Sudanâs leader âCrushâ announced in February 2024 that the group has partnered with the DDoS-for-hire service and had labeled it as âthe pinnacle of bullet-proof cyber dominanceâ.
Anonymous Sudan also used InfraShutdown for last weekâs attacks on Bahrainian, Egyptian, and Israeli telecommunication companies. âThis attack has been carried out by the @infraShutdown DDoS infrastructure,â the group had messaged after each attack.
While more technical details for the attack on French systems werenât disclosed by any of the involved parties, CloudFlareâs radar service, a channel to show global internet traffic and possible attacks, shows a high volume of DDoS events on French systems starting Sunday at 8 am UTC. FalconFeeds, a threat intelligence provider, reported that the attack was a joint effort that involved, other than Anonymous Sudan, pro-Russian threat actor UserSec, and a threat group named 22C.