View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 1, 2023updated 04 Sep 2023 9:27am

Charles de Gaulle Airport website offline after suspected ‘#OpFrance’ DDoS cyberattack

A cybercrime campaign targeting France claims to be in retaliation for the nation's colonial past. But experts suspect the hand of Russia.

By Claudia Glover

The website of Charles de Gaulle Airport in Paris has been offline today following what is thought to be a cyberattack perpetrated by the little-known hacktivism gang Dark Storm. The attack is part of an ongoing campaign called #OpFrance targeting online French infrastructure, which has apparently been launched by hacktivists to highlight France’s role as an ex-colonial power in West Africa

Charles de Gaulle Airport
Charles de Gaulle Airport’s website is still offline after a suspected Russian cyberattack. (Photo by olrat/Shutterstock)

However, security experts say that while the #OpFrance campaign bears some of the hallmarks of past cyber hacktivism operations, it may be a campaign by state-backed Russian cybercriminals seeking to “target and destabilise” French society.

#OpFrance cyberattacks target French online infrastructure

Charles de Gaulle Airport in Paris today became the latest apparent victim of #Opfrance, with its website offline all day, and still down at the time of writing.

Cybercriminal Dark Storm has claimed responsibility, and in a post on Telegram says it felled the site in a DDoS attack. It has used its Telegram channel to publicise other attacks within the same campaign, such as Anonymous Sudan strike against French postal service La Poste, which was crippled yesterday. Anonymous Sudan also used the hashtag #OpFrance in the publicity of the attack.

Tech Monitor has contacted Charles de Gaulle Airport for comment but has yet to receive a response.

Many other cyberattacks bearing the same legend have been carried out against targets France. Dark Storm claims to have knocked the Montpellier Airport website offline while another gang, Mysterious Team, claims to have brought down the French electricity network website and the Université Paris Cité, as well as airports in Calvi, Lille Strasbourg and Toulon. Another ‘Anonymous’ group has allegedly carried out an attack on the country’s health service.

#OpFrance is nothing new. It first emerged online as a hacktivism campaign following the terrorist attack on the editorial offices of the satirical magazine Charlie Hebdo in Paris in 2015. Similarly to the purported reasons for the current campaign, #OpFrance in 2015 was a joint attack on French online resources organised by pro-Islam radical hackers from groups including the United Islamic Cyber force, the Fallaga Team, AnonGhost and the Cyber Caliphate. 

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The ongoing #OpFrance operation appears, on the surface, to have similar political goals, with the criminals saying it is a reaction to unrest in several former French colonies in West Africa. The hacktivism gang Mysterious Team spoke to journalists at French technology magazine Numerama explaining its reasons for attacking French infrastructure.

“Our current target is France because it interfered in Niger and Senegal,” the hackers said. “[The French government] also supports the Senegalese government. France could use the army in Niger.”

Is the new #OpFrance what it seems?

However, there may be more to this story than meets the eye. Anonymous Sudan, deeply involved in the current anti-France campaign, is widely assumed to be a shell operation for cybercriminal gang Killnet, which has direct links to the Russian Government. Other hacktivism gangs involved in the campaign appear to be similarly connected.

Dark Storm, for example, speaks in Russian on its Telegram channel and appears to engage in pro-Russian hacktivism campaigns such as those against Sweden and Denmark, which are known to be in relation to the war in Ukraine. One post on Dark Storm’s channel reads “Israel’s leading public transport [online] operator killed. Responsibility for the outage is taken by Bluenet Russia and The Dark Storm Team. Glory to Russia.”

This is an indicator that #OpFrance is more likely to be linked to hackers in Russia than West Africa, explains Oscar Rosengren, an analyst at security intelligence company Paliscope. “The indicators are extremely strong that Russia is using an extensive network of activist groups that act per Russian strategic interests,” Rosengren says. “You can see the Russian presence almost everywhere in West Africa at the moment, including in an ongoing propaganda and disinformation campaign.”

Russian-affiliated hacktivist groups, seem to operate as part of “a big umbrella, that started with Killnet and then attracted several other groups,” he adds.

Taking this into account, it is feasible to assume that Russian state entities and pro-Russian cybercriminals such as Anonymous Sudan or Dark Storm will seek to target or destabilise more of Moscow’s enemies, Rosengren says. “It is likely an emerging pattern that we are currently seeing where the digital environment is used as an effective tool and force multiplier to create havoc in the physical world,” he says.

Read more: Three Lacroix factories closed after cyberattack

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.