Report: French Ministry of Finance Confirms Hack

The French Ministry of Finance has confirmed a report in a French Magazine on Monday that a widespread hack of computers on its networks occurred.

The French Ministry of Finance has confirmed a report in a French Magazine on Monday that a widespread hack of computers on its networks occurred.

The hack, of over 150 MOF machines has been traced to computers in China and appears to have targeted documents that outline France and the G20’s economic planning documents, including those addressing the issue of global trade imbalances. 

The news was reported first in Paris Match Magazine (Attention: l’article est rédigé en français!) France is currently serving as the Chair of the G20 and has made tackling global trade imbalances a top priority.

Paris Match quoted French Budget Minister Francois Baroin saying that the attack was “spectacular” and involved “a number of messages,” suggesting the attack may have involved phishing e-mail messages, possibly containing malicious files.

The computers affected by the attack have been cleaned and French authorities say they are investigating the incident and have leads on its origins.

The attack, if true, would be just the latest incident of high-profile hacks targeted at high profile government agencies and private firms. The so-called Aurora attacks, which occurred in late 2009, are believed to have compromised the networks of U.S. government agencies, as well as defense contractors, financial services firms and high tech firms, including Google, Adobe and others. Information released with the publication of U.S. diplomatic cables by Wikileaks suggest that the U.S. government believes that hackers backed by the Chinese government were responsible for the attack. French authorities say that, while the trail in the latest attack leads back to servers in China, that it is too early to ascribe blame for the attack to the Chinese government.

Suggested articles

plugX malware loader TA416

TA416 APT Rebounds With New PlugX Malware Variant

The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.

Discussion

  • nick on

    Makes me wonder if this is truly Chinese based, or other countries going through China as a scapegoat/tunnel. It's not that I don't doubt China capable and wanting the info, they'd just be an awesome scapegoat and any hacker worth his salt tunnels through compromised machines so as to not release his home location. 

    On the other hand, files full of Chinese language used in the attack would be a strong indicator. Most people think/hack in their mother tongue

  • ner0 on

    I agree that China could simply be a scapegoat, or not. I guess the probability exists for both.
    It happens that I know a lot of coders and programmers (basic understanding to become a hacker) that often think and program in english despite their mother tongue not being english, I suppose it's due to english being one of the most exploited language among cybernauts and software found in electronic devices.
    I also know of a few hackers that poke around the internet mostly in programming forums, other than their own country / language (like chinise ones), in order to copy/paste bits of source-code used in their own malware/rootkits so that it makes it harder to trace back the source based on specific programming profiles and styles. I suppose you can't get specific to the point of an individual but instead lead you to take particular analysis and adopt counter measures onto a specific direction, which could be intentionnaly misleading.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.