China watchFrance Accuses China of “Vast” Cyberattacks Campaign against French Organizations, Companies

Published 22 July 2021

The director-general of ANSSI, France’s cyber defense agency, said France has been under a sustained and sever cyberattacks by Chinese government hackers since the beginning of the year. France has so far abstained from publicly attributing cyberattacks on its infrastructure or on French companies.

France has been under sustained wave of cyberattacks since the beginning of the year and, on Wednesday, 21 July, the French government said that the hacking was the work of Chinese hackers affiliated with the government in Beijing.

The announcement was made the Director General of the National Information Systems Safety Agency (Agence nationale de la sécurité des systèmes d’informations, or ANSSI), Guillaume Poupard.

Poupard hinted that he considered these attacks as “much more serious” the than the spying done by the Pegasus spyware.

Poupard referred to a paper by CERT-FR, also released on Wednesday, charging that the Chinese government-backed hacking group APT31 was “targeting France” with “a vast campaign [aiming to compromise] many French entities.” The cyberattack campaign is currently “in progress”’ it is “particularly virulent,” and it is carried out by “the APT31 procedure.”

Cybersecurity experts say that APT31 is a Chinese hacking group working on behalf of the Chinese state. Many of the group’s activities involve spying or theft of intellectual property.

ANSSI has not identified the targets of this wave of cyberattacks, but the fact that the director of ANSSI came out publicly to warn of the attack is an indication of the magnitude and severity of the attack.

Le Monde reports that the ongoing Chinese attacks on French entities is different from the Chinese attack in early March on the Microsoft Exchange messaging service, which affected several tens of thousands of American organizations, and thousands more around the world.

Investigations of such cyberattacks in France are typically assigned to Section J3 of the Paris Public Prosecutor’s Office, and no announcements to the media are made.

It appears that the French approach is evolving. Already in February, the ANSSI announced it had detected a cyberattack it attributed to Sandworm, a group associated with Russian military intelligence. That attack was relatively small, involving about fifteen French entities.

Wednesday’s charges against China are not at the level of the U.S.“name and shame” approach, but they are an escalation relative to previous French practices.

But unlike President Joe Biden, who has officially, and bluntly, denounced – and warned – Russia and China over their cyberattacks on the United States, President Macron is to say something in public about other countries’ cyberattacks on France.