Hackers flood France with attacks over war support

As France takes a more active role on the global political stage, hacktivists are increasingly targeting the country’s critical infrastructure.

Attacks against French government institutions and critical infrastructure have skyrocketed this year, reports cybersecurity firm Cyble. Hacktivist groups have targeted not only government offices but also key sectors like energy, banking, transportation, and telecommunications.

Researchers have monitored underground communications channels and identified 845 mentions of activities targeting France in the first three months of 2025. Distributed Denial of Service (DDoS) attacks account for 73% of incidents, while Industrial Control Systems (ICS) breaches account for the other 27%.

In December 2024, French infrastructure was targeted by the Holy League, the newly formed hacker alliance consisting of around 70 gangs sworn to attack NATO, Europe, Ukraine, and Israel.

However, the attacks on France escalated to full-scale in January of this year. NoName, a pro-Russian cyber gang, has been the most active group, responsible for 30% of the attacks.

Data shows that threat actors concentrated their attack geography across several key regions in the country. One of the areas highly attacked is Île-de-France, where many strategic economic entities experienced a high number of incidents.

Other regions impacted include Provence-Alpes-Côte d’Azur, Grand Est, and northern and western regions such as Normandy, Pays de la Loire, and Hauts-de-France.

Don’t miss our latest stories on Google News

Hacktivists respond to France's stance on war

The attackers are mainly driven by ideological motives, aiming to put political pressure and disrupt critical services.

“France’s diplomatic role in the conflicts has drawn the ire of pro-Russian and pro-Palestinian hacktivist groups,” Cyble said in a report.

Eight hacktivist groups launched coordinated attacks on at least 10 French targets after the early February announcement of plans to supply Ukraine with Mirage 2000-5 fighter jets.

At least 11 French organizations were hit with DDoS and ICS attacks following the government's March 10th announcement of military aid to Ukraine, funded by interest from frozen Russian assets.

Hacktivists target critical infrastructure

Cybergangs have intensively targeted the country’s critical infrastructure environments, such as energy and wastewater.

The pro-Russian cyber gang Z-Pentest claims to have breached the French hydroelectric power plant's SCADA system. They shared screenshots showing turbine control settings, power output data, water flow rates, and generator synchronization parameters.

The gang, claiming to be from Serbia, came onto the cybercrime radar in October 2024. While being fresh on the scene, it has been actively targeting the US energy and water sectors. In one incident, the hackers attacked a water treatment plant in Stanton, Texas, opening valves and releasing untreated water.

Another cybergang that, according to Cyble research, has been actively attacking France is Sector16, together with the Russian gang OverFlame. Threat actors have claimed to have gained unauthorized access to the control systems of a hydroelectric facility in southern France.

Meanwhile, the Golden Falcon Team took responsibility for breaching an application that monitors municipal wastewater sanitation in France. The group released screenshots showing key control metrics, such as pH levels, temperature, conductivity, and water distribution processes, which are crucial for managing wastewater treatment and public sanitation.

Hacktivist groups actively targeting France in attacks this year include: