Hacker attack: why France has named those responsible this time

by Giuseppe Gagliano

The French National Information Systems Security Agency [ANSSI] has just sounded an alarm over a "vast campaign of compromise affecting many French entities". This "particularly virulent" attack is "still ongoing" and is allegedly led by the APT31 hacker group. "Investigations show that this modus operandi compromises routers to use them as anonymization relays, before carrying out reconnaissance and attack actions. Markers are thus provided, coming from routers compromised by the attacker, to allow compromises to be searched [from the beginning of 2021] and detected", explains ANSSI, which asks to be sent "any incident discovered in relation to this campaign".

According to cybersecurity firm FireEye, APT31's mission is "to gather information to provide political, economic and military benefits to state-owned enterprises and the Chinese government." Its targets are generally administrations, financial institutions and companies in the defense, aerospace and even telecommunications sectors.

Generally, ANSSI is careful not to attribute the origin of cyber attacks. Thus, last February, it reported on an "attack campaign by the 'Sandworm' modus operandi against Centreon servers", without explicitly designating Russia, even though the aforementioned group had already been accused by the United States. In its latest advisory, it also does not blame China directly, but only the hacker group it has identified. After the indictment, a technical act, comes the attribution, a political act that can vary according to the geopolitical situation or other interests, and that can be made public, as the Americans do, or be denounced in private and remain secret. Sometimes I accompany political authorities to complicated countries, to which they say: "We have discovered you up to now, what you are doing is unacceptable". Choosing a non-public communication channel is probably the optimal efficiency that can be achieved, as Guillaume Poupard, director of ANSSI, also recently explained during a parliamentary hearing.

The alert issued by the French cybersecurity agency comes after NATO denounced China's "harmful activities" in cyberspace and the United States, with the support of their partners in the so-called "Five Eyes" circle. , Australia, Canada, New Zealand].

• July 27, 2021