Russian spies' hacking campaign is 'endangering' French diplomatic interests
France’s cybersecurity agency is warning that a hacking group linked to Russia’s Foreign Intelligence Service (SVR) is endangering the country’s diplomatic interests.
The alert on Wednesday from ANSSI — the Agence Nationale de la Sécurité des Systèmes d’Information (the National Agency for the Security of Information Systems) — confirms several compromises that had previously been publicly reported and attributed to the hacking group that France tracks as Nobelium.
“Western diplomatic entities, such as embassies and Ministries of Foreign Affairs, account for the majority of known Nobelium’s victims,” stated the alert, which confirmed: “French public organizations have been targeted several times by phishing emails sent from foreign institutions previously compromised by Nobelium’s operators.”
These incidents included compromising email accounts at the French Ministry of Culture and the National Agency for Territorial Cohesion, although according to ANSSI the hackers weren’t able to access any parts of those networks beyond the compromised inboxes.
But the hackers then used those email accounts in attempts to target other organizations, including France’s Ministry of Foreign Affairs. ANSSI said Nobelium tried to install Cobalt Strike — a penetration testing tool notorious for being abused by malicious actors — to gain remote access to the network, although this was unsuccessful.
Other incidents disclosed by ANSSI included a French diplomat's compromised email account being used to send a malicious message falsely announcing the closure of the French Embassy in South Africa due to an unspecified terror attack.
“In May 2023, an attempt by Nobelium operators to compromise the French Embassy in Romania was detected but was also unsuccessful thanks to the appropriate behavior of the diplomatic staff,” stated ANSSI.
The hackers are focused on capturing strategic intelligence from their government and diplomatic targets, said the French alert. However a number of technology companies have also disclosed being targeted and compromised by the same operators.
Earlier this year, Microsoft confirmed that Nobelium had successfully compromised the email accounts of the company’s senior leaders. Around the same time, Hewlett Packard Enterprise also reported a similar breach.
“The targeting of IT and cybersecurity entities for espionage purposes by Nobelium operators potentially strengthen their offensive capabilities and the threat they represent. The intelligence gathered during recent attacks against IT sector entities could also facilitate Nobelium’s future operations,” warned ANSSI.
The agency said it has observed “a high level of activities linked to Nobelium against the recent backdrop of geopolitical tensions, especially in Europe, in relation to Russia’s aggression against Ukraine. Nobelium’s activities against government and diplomatic entities represent a national security concern and endanger French and European diplomatic interests.”
Alexander Martin
is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.