The French Interior Ministry confirmed a cyberattack on its e-mail servers that was detected overnight between Thursday, December 11, and Friday, December 12, and said attackers were able to access a number of document files. Officials have not yet confirmed whether any data was exfiltrated, and the ministry said it has launched an investigation.
Interior Minister Laurent Nuéz confirmed the breach in a statement shared with RTL Radio and said the ministry implemented its usual protection procedures after detecting the intrusion.
The ministry said it has tightened security protocols and strengthened access controls on information systems used by personnel while investigators work to determine the origin and scope of the attack. Nuéz said authorities are examining several possibilities, including foreign interference, people seeking to demonstrate vulnerabilities, or criminal operators.
The Interior Ministry supervises police forces and oversees internal security and immigration services, making it a high-value target for state-sponsored hackers and cybercriminals. In April, French authorities attributed a widespread hacking campaign to APT28, a group previously linked to Military Unit 26165 of Russia’s military intelligence service.
French cybersecurity agency ANSSI has previously reported that APT28 and similar actors have targeted a wide range of entities including ministerial bodies, local governments, research organizations and defense-related industry, and that since 2021 the group has repeatedly targeted Roundcube e-mail servers to steal strategic intelligence.