French government sites hit with ‘intense’ DDoS attacks

12 Mar 2024

Image: © Ekaterina Pokrovsky/Stock.adobe.com

The hacker group Anonymous Sudan claimed responsibility for the attacks, while one cybersecurity firm claims multiple groups including pro-Russian hackers were behind the disruption.

France has suffered a wave of distributed-denial-of-service (DDoS) attacks, with the presumed goal of disrupting multiple government websites.

The office of prime minister Gabriel Attal told French media that several state bodies were targeted but did not provide specific details of the cyberattack. The office also said the attacks used familiar means but were of “unprecedented intensity”.

Data from Cloudflare suggests the wave of attacks scaled up on Sunday 10 March and dropped again on Monday, before a second smaller wave occurred today (12 March). It is unclear how many government sites were targeted in the attack.

A DDoS attack is an attempt to make an online service unavailable by overwhelming it with high volumes of data from multiple sources. There are a few ways to do this, but a common method employed by attackers is to use multiple compromised computer systems to direct the attack traffic.

The hacker group called Anonymous Sudan claimed responsibility for the DDoS attacks and implied that the attacks were highly effective yesterday. But cybersecurity company FalconFeeds claims the NoName gang was responsible and was assisted by multiple groups including pro-Russian hacker groups.

With various claims of who is responsible for the cyberattack, the motive is not entirely clear. But the attacks follow comments from French president Emmanuelle Macron last week, who is reportedly not ruling out dispatching European troops to Ukraine to defend against Russia’s invasion of the country.

Stephen Robinson, a senior threat intelligence analyst at WithSecure, said DDoS attacks are the “disruption method of choice for hacktivists” due to the simplicity of the attack and its reliance of “brute force” to take a website offline.

“If a target is unprepared then they can cause service disruption, but even an unprepared target can relatively quickly implement DDoS mitigations, assuming they have the funds to do so,” Robinson said.

But despite their simplicity, Robinson noted they can be impactful as services that are taken offline can cause “reputational and financial harm”.

“The tools now available to cybercriminals means that even low-skilled criminals can launch attacks at a scale which was previously unheard of, so both governments and private organisations need to have mitigations in place,” Robinson said.

Multiple reports from last year suggest the scale, intensity and tactics behind DDoS attacks are growing rapidly.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com