Version française: 🇫🇷
ANSSI and its partners at the Cyber Crisis Coordination Center (C4) have observed informatic attacks conducted by APT28 operators between 2021 and 2024. The attackers are publicly linked to the Russian Federation. The APT28 intrusion set has been used againt various entities in France, Europe, Ukraine and North America, in order to collect intelligence. In 2024, the victimology of the campaigns associated with the APT28 intrusion set includes French governmental, diplomatic and research entities. The investigations conducted by ANSSI and its C4 partners led to the identification of several infection chains, which are presented in the document. These attacks continue in the context of the agression started by Russia against Ukraine on the 24th of February 2022.Download the report : Targeting and compromise of french entities using the APT28 intrusion set
