The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers.
While the attack (detected overnight between Thursday, December 11, and Friday, December 12) allowed the threat actors to gain access to some document files, officials have yet to confirm whether data was stolen.
The ministry has tightened security protocols and strengthened access controls to the information systems used by ministry personnel in response to the breach.
French authorities have also opened an investigation to determine the origin and scope of the attack. Interior Minister Laurent Nuñez noted that investigators are now examining multiple possibilities, including foreign interference, activists seeking to demonstrate vulnerabilities in government systems, or cybercrime.
"There was indeed a cyberattack. An attacker was able to access a number of files. So we implemented the usual protection procedures," Interior Minister Laurent Nuñez said in a statement shared with RTL Radio.
"It could be foreign interference, it could be people who want to challenge the authorities and show that they are capable of accessing systems, and it could also be cybercrime. At this point, we don't know what it is."
The French Interior Ministry supervises police forces and oversees internal security and immigration services, making it a high-value target for state-sponsored hackers and cybercriminals.
In April, France attributed a widespread hacking campaign that targeted or breached a dozen French entities over the last four years to the APT28 hacking group previously linked to Military Unit 26165 of Russia's military intelligence service (GRU).
According to a report issued by the French National Agency for the Security of Information Systems (ANSSI), the list of French organizations attacked by APT28 includes a wide range of targets, such as ministerial entities, local governments, and administrations, research organizations, think-tanks, organizations in the French Defence Technological and Industrial Base, aerospace entities, as well as entities in the economic and financial sector.
Since 2021, APT28 also repeatedly targeted Roundcube e-mail servers in attacks primarily focused on stealing "strategic intelligence" from governmental, diplomatic, and think tanks from North America and multiple European countries, including France and Ukraine.