Several French government websites have been disrupted by a severe distributed denial of service attack.
A statement from prime minister Gabriel Attal’s office acknowledged that some sites were in trouble as of Sunday night, and mentioned conventional attacks of unprecedented intensity. That language appears to refer to a distributed denial of service attack – and as it happens just such an attack has been detected by Cloudflare’s Radar service. Cloudflare reported an event that started in the small hours of Sunday morning and escalated rapidly, briefly ebbed, then had a resurgence to sustain a significant attack for around six hours.
France’s Direction interministérielle du numérique (DINUM) – the nation’s digital transformation agency – scrambled to erect barriers against the attack.
Anonymous Sudan claimed responsibility for the attack – then asserted that DINUM’s defences were ineffectual and that disruptions continued. Cloudflare’s data suggests spikes in Layer 7 attacks on Monday and Tuesday.
Infosec firm FalconFeeds opined that Anonymous Sudan did not act alone – suggesting it had help from Russia, pro-Russian threat actor UserSec, and a threat group named 22C.
No motive for the attack has been revealed, but French president Emmanuel Macron recently suggested European powers need to contemplate sending troops to fight alongside Ukraine’s military to repel Russia’s illegal invasion.
While that proposal received no diplomatic support, it was condemned by Russian president Vladimir Putin.
Maybe this DDoS is a sign of his displeasure?
That displeasure may also be ongoing. Cloudflare’s Radar reported smaller DDoS attacks last week, though those didn’t make the news or significantly disrupt French government operations.
This past Sunday’s attacks reportedly impacted the prime minister’s department, the civil aviation administration, and the Ministry of the Economy.
At the time of writing, The Register had no problem accessing the sites – save for the news section of gouvernement.fr, which didn’t like loading a feed of all press releases. We checked the many sub-categories and found no mention of the DDoS. DINUM’s site also omitted mention of the incident, focusing instead on initiatives aimed at finding new recruits.