The website of Charles de Gaulle Airport in Paris has been offline today following what is thought to be a cyberattack perpetrated by the little-known hacktivism gang Dark Storm. The attack is part of an ongoing campaign called #OpFrance targeting online French infrastructure, which has apparently been launched by hacktivists to highlight France’s role as an ex-colonial power in West Africa.
However, security experts say that while the #OpFrance campaign bears some of the hallmarks of past cyber hacktivism operations, it may be a campaign by state-backed Russian cybercriminals seeking to “target and destabilise” French society.
#OpFrance cyberattacks target French online infrastructure
Charles de Gaulle Airport in Paris today became the latest apparent victim of #Opfrance, with its website offline all day, and still down at the time of writing.
Cybercriminal Dark Storm has claimed responsibility, and in a post on Telegram says it felled the site in a DDoS attack. It has used its Telegram channel to publicise other attacks within the same campaign, such as Anonymous Sudan strike against French postal service La Poste, which was crippled yesterday. Anonymous Sudan also used the hashtag #OpFrance in the publicity of the attack.
Tech Monitor has contacted Charles de Gaulle Airport for comment but has yet to receive a response.
Many other cyberattacks bearing the same legend have been carried out against targets France. Dark Storm claims to have knocked the Montpellier Airport website offline while another gang, Mysterious Team, claims to have brought down the French electricity network website and the Université Paris Cité, as well as airports in Calvi, Lille Strasbourg and Toulon. Another ‘Anonymous’ group has allegedly carried out an attack on the country’s health service.
#OpFrance is nothing new. It first emerged online as a hacktivism campaign following the terrorist attack on the editorial offices of the satirical magazine Charlie Hebdo in Paris in 2015. Similarly to the purported reasons for the current campaign, #OpFrance in 2015 was a joint attack on French online resources organised by pro-Islam radical hackers from groups including the United Islamic Cyber force, the Fallaga Team, AnonGhost and the Cyber Caliphate.
Content from our partners
The ongoing #OpFrance operation appears, on the surface, to have similar political goals, with the criminals saying it is a reaction to unrest in several former French colonies in West Africa. The hacktivism gang Mysterious Team spoke to journalists at French technology magazine Numerama explaining its reasons for attacking French infrastructure.
“Our current target is France because it interfered in Niger and Senegal,” the hackers said. “[The French government] also supports the Senegalese government. France could use the army in Niger.”
Is the new #OpFrance what it seems?
However, there may be more to this story than meets the eye. Anonymous Sudan, deeply involved in the current anti-France campaign, is widely assumed to be a shell operation for cybercriminal gang Killnet, which has direct links to the Russian Government. Other hacktivism gangs involved in the campaign appear to be similarly connected.
Dark Storm, for example, speaks in Russian on its Telegram channel and appears to engage in pro-Russian hacktivism campaigns such as those against Sweden and Denmark, which are known to be in relation to the war in Ukraine. One post on Dark Storm’s channel reads “Israel’s leading public transport [online] operator killed. Responsibility for the outage is taken by Bluenet Russia and The Dark Storm Team. Glory to Russia.”
This is an indicator that #OpFrance is more likely to be linked to hackers in Russia than West Africa, explains Oscar Rosengren, an analyst at security intelligence company Paliscope. “The indicators are extremely strong that Russia is using an extensive network of activist groups that act per Russian strategic interests,” Rosengren says. “You can see the Russian presence almost everywhere in West Africa at the moment, including in an ongoing propaganda and disinformation campaign.”
Russian-affiliated hacktivist groups, seem to operate as part of “a big umbrella, that started with Killnet and then attracted several other groups,” he adds.
Taking this into account, it is feasible to assume that Russian state entities and pro-Russian cybercriminals such as Anonymous Sudan or Dark Storm will seek to target or destabilise more of Moscow’s enemies, Rosengren says. “It is likely an emerging pattern that we are currently seeing where the digital environment is used as an effective tool and force multiplier to create havoc in the physical world,” he says.
