France accuses Russia of a decade’s worth of high-profile cyberattacks

France has publicly accused Russia of sponsoring high-profile cyberattacks on French entities for over a decade, including a faked Islamic State takeover and the leak of President Emmanuel Macron’s emails in 2017.
The attacks are attributed to APT28, a Russian military intelligence hacking unit also known as Fancy Bear, which is believed to have been involved in similar activities during the 2016 US presidential election.
France has revealed that the GRU has escalated its cyberattacks against France and other EU members since 2021, targeting entities in government, finance, aerospace, defense, sports organizations, think tanks, and media.
This is the first time France has publicly attributed a cyber attack to a foreign government’s intelligence service, marking a significant shift in diplomatic relations between France and Russia.

France’s President Emmanuel Macron attends a meeting with representatives of the sectors affected by US tariffs, at the Elysee Palace in Paris, on April 3, 2025. | Image: MOHAMMED BADRA/POOL/AFP via Getty Images

In an unprecedented display of diplomatic aggression, French authorities publicly accused Russia of sponsoring several high-profile cyber attacks on French entities for over a decade to gather intelligence and destabilize the country. The incidents include everything from a faked Islamic State takeover of a French television broadcast signal in 2015 to the leak of President Emmanuel Macron’s emails in 2017.

On Tuesday, France’s Foreign Ministry formally attributed those cyberattacks and several others to APT28, a Russian military intelligence (GRU) hacking unit also known as Fancy Bear, best known in America for leaking Hillary Clinton’s emails during the 2016 U.S. presidential election and sustained cyberattacks on U.S. political operations. APT28’s activities in France followed the same playbook: the “Macron leaks” were published the day before France’s presidential election in the hopes of swaying voters, and the faked ISIS broadcast hijacking, which took place in the wake of the 2015 Bataclan terrorist attacks, were intended to “create a panic in France.”

According to the French government, the GRU has escalated its cyberattacks against France and other members of the European Union since 2021, shortly before Russia invaded Ukraine. (Ukraine itself has been a longtime frequent target of Russian cyberwarfare.) The intrusions targeted entities not just in government, but also in finance, aerospace and defense, sports organizations affiliated with the 2024 Paris Olympics, think tanks, and the media. To display its own cyber defense capacities, France revealed the geographical location of one of APT28’s units – a signal that its operators were able to trace the origins of Russian cyber incursions.

This is the first time France has publicly attributed a cyber attack to a foreign government’s intelligence service, according to Le Monde. The diplomatic environment has shifted profoundly, however: Vladimir Putin refuses to end his years-long invasion of Ukraine without getting to keep the territory he’s seized – an untenable position for both Ukraine and the EU, which views Russian territorial gains as a threat to the EU’s geopolitical integrity. Russian cyberattacks pose an additional threat, both to their national security apparatus and election integrity.
In an interview the day before the Ministry’s public declaration, Macron told the media that he believed that France and their Western allies – including President Donald Trump – would increase pressure on Russia “over the next eight to ten days” to accept their terms. He also announced that France and Poland would soon sign a “friendship treaty” that will include joint efforts to combat Russian election interference via cyberattacks and misinformation campaigns in both countries.

link

Q. Who has accused Russia of sponsoring high-profile cyberattacks for over a decade?

A. France’s government, specifically the Foreign Ministry.

Q. What is APT28 also known as in America?

A. Fancy Bear, a Russian military intelligence hacking unit.

Q. Which US presidential election was Fancy Bear involved in leaking emails during?

A. The 2016 U.S. presidential election.

Q. Who published President Emmanuel Macron’s emails in 2017?

A. APT28 (Fancy Bear), a Russian military intelligence hacking unit.

Q. What was the purpose of the faked Islamic State takeover of a French television broadcast signal in 2015?

A. To create panic in France and sway voters before the presidential election.

Q. When did Russia escalate its cyberattacks against France and other EU members?

A. Shortly after invading Ukraine in 2021.

Q. What entities were targeted by Russian cyberattacks, apart from government?

A. Finance, aerospace, defense, sports organizations affiliated with the 2024 Paris Olympics, think tanks, and media.

Q. How did France reveal its own cyber defense capacities?

A. By revealing the geographical location of one of APT28’s units.

Q. What is the significance of this public declaration by France?

A. It marks the first time a French government has publicly attributed a cyber attack to a foreign government’s intelligence service.

Q. What is the current diplomatic environment like between Russia and Western countries, including France?

A. Tense, with Vladimir Putin refusing to end his invasion of Ukraine without getting to keep seized territory, posing an additional threat through Russian cyberattacks.