France launches large-scale operation to fight cyber spying ahead of Olympics

French authorities launched a major operation to clean the country’s computer systems of malware believed to have affected several thousand users, “particularly for espionage purposes,” Paris’s top prosecutor announced shortly before the start of the Olympics.

The so-called "disinfection operation" has been underway for a week and will last for several months, according to a Thursday statement by the Paris prosecutor’s office. They did not say whether the operation was specifically tied to the Olympics.

French authorities are investigating a network of bots suspected of infecting several million victims worldwide, including at least 3,000 devices in France with PlugX malware. The primary goal of this campaign is espionage.

PlugX is an old remote access malware that has been around since 2008 and was mostly used by Chinese state-sponsored hacker groups. In 2020, the China-linked hacker group Mustang Panda added a capability to the malware that allowed it to spread to connected USB flash drives.

Earlier in April, researchers at cybersecurity firm Sekoia reported that they seized  a command and control server linked to PlugX and discovered that the malware had spread to more than 170 countries.

Sekoia developed a technical solution to remotely disinfect the victim machines of the botnet, which France and other affected countries will use to clean their networks.

“A few hours after the process began, hundreds of victims had already benefited from the disinfection, primarily in France, but also in Malta, Portugal, Croatia, Slovakia, and Austria,” the Paris prosecutor said.

“On the eve of the Olympic Games' opening, this operation demonstrates the vigilance of various actors, in France and abroad, mobilized to fight all forms of cybercrime, including the most sophisticated.”

France has been facing many security threats ahead of the Olympics, which are set to kick off this week. French Prime Minister Gabriel Attal said on Thursday that cyberattacks on the games are inevitable but France will do everything to limit their impact.

Months before the Olympics, researchers had already observed an increase in influence operations in France — primarily conducted by Russia — but also foreseen other sorts of activity, including espionage, ransomware and disruptive operations.

French authorities also warned of possible terrorist acts and sabotage of their infrastructure.

On Friday, France’s high-speed railway was hit by coordinated “malicious acts” hours before the games’ opening ceremony. A series of sabotage activities, including arson, affected several high-speed lines to the west, north and east of Paris.

The French national rail company, SNCF, canceled a number of trains and is advising travelers "not to go to the station." The company’s president told local media that nearly 800,000 people would be affected by the latest disruptions.