Russia – Attribution of cyber attacks on France to the Russian military intelligence service (APT28) (April 29th 2025)

France condemns in the strongest terms the use by Russia’s military intelligence service (GRU) of the APT28 attack group, at the origin of several cyber attacks on French interests.

Since 2021, this attack group has been used to target or compromise a dozen French entities. These entities are working in the daily lives of French people and include public services, private enterprises as well as a sport organization involved in the 2024 Olympic and Paralympic Games. In the past, this group was also used by GRU in the sabotage of the TV5Monde broadcasting station in 2015, as well as in attempts to destabilize the French elections in 2017.

APT28 is also being used to exert continual pressure on Ukrainian infrastructures amid Russia’s war of aggression against Ukraine, particularly when it is operated out of GRU Unit 20728. Many European partners have also been targeted by APT28 in recent years. In this regard, EU imposed sanctions on the individuals and entities responsible for the attacks conducted with the assistance of this group.

These destabilizing activities are not acceptable or worthy of a permanent member of the United Nations Security Council. Moreover, they are contrary to the UN norms of responsible state behaviour in cyberspace, to which Russia has adhered.

Alongside its partners, France is determined to use all the means at its disposal to anticipate Russia’s malicious behaviour in cyberspace, discourage it and respond to it where necessary.

The French Cybersecurity Agency is publishing a report today on this APT28-linked threat in order to prevent future attacks : https://www.cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-007/