May 10, 2025

French Foreign Ministry blames Russian GRU-linked APT28 for cyberattacks on national entities; urges global action

The French foreign ministry has publicly attributed a series of cyberattacks against national and European interests to APT28, a group linked to Russia's GRU military intelligence. Since 2021, APT28 has targeted French public services, private companies, and entities related to the 2024 Olympics, using espionage tactics such as phishing, brute-force attacks, and exploitation of zero-day vulnerabilities (e.g., CVE-2023-23397). These operations form part of broader Russian cyber activities, especially amid Russia's ongoing war against Ukraine. France condemned these attacks as unacceptable and contrary to international cyber norms, vowing to counter them with all available means.

France’s cybersecurity agency ANSSI and its Cyber Crisis Coordination Center (C4) have tracked APT28 campaigns targeting not only France but also entities in Ukraine, NATO, and the EU. Attack techniques include the use of free hosting and VPN services, compromised routers, and phishing lures that impersonate popular webmail platforms. In 2023 and 2024, APT28 used malware like HeadLace and OceanMap, and services like InfinityFree and Mocky[.]IO, to exfiltrate sensitive data. Additionally, CERT-UA linked another attack group, UAC-0063, to APT28, indicating further Russian state-sponsored espionage against Ukrainian research institutions.

Source: https://industrialcyber.co/critical-infrastructure/french-foreign-ministry-blames-russian-gru-linked-apt28-for-cyberattacks-on-national-entities-urges-global-action/
