Hackers Compromised French Interior Ministry Email Servers

The French Interior Ministry confirmed a cyberattack on its email servers overnight from December 11 to 12. Attackers accessed ministry documents, prompting tightened security protocols and strengthened access controls across staff information systems.

French authorities launched an investigation to determine the attack's source and scope. Interior Minister Laurent Nuñez said investigators are examining three possibilities: foreign state interference, activists demonstrating government system vulnerabilities, or common cybercrime.

"A cyberattack did indeed take place. The attackers were able to access a number of files. We applied standard defensive procedures," Nuñez told RTL radio. "This could be foreign interference, it could be people who want to challenge the authorities and show they can penetrate systems, or it could be ordinary cybercrime. At this stage, we do not know for sure."

The ministry has not disclosed what documents were accessed or the attack method used.

APT28 Context

In April 2025, France accused Russian-speaking hacker group APT28 of a large-scale campaign that compromised or breached about a dozen French organizations over four years.

France's National Agency for the Security of Information Systems (ANSSI) reported APT28 victims include ministries, local governments, research organizations, think tanks, defense contractors, aerospace companies, and economic and financial sector organizations.

Since 2021, APT28 has regularly attacked Roundcube email servers, primarily targeting "strategic intelligence information" from government, diplomatic, and analytical structures in North America and several European countries.

French authorities have not linked the current Interior Ministry breach to APT28 or any specific threat actor.