Cyberattack on French Interior Ministry Email Servers
The French Interior Ministry confirmed a cyberattack that compromised its email servers, allowing attackers to access certain document files. In response, the ministry implemented enhanced security protocols and access controls, while an investigation was launched to determine the origin and scope of the breach. Authorities have not yet confirmed whether any data was stolen, and are considering multiple possible motives, including foreign interference, hacktivism, or cybercrime. The Interior Ministry, which oversees police, internal security, and immigration, is considered a high-value target for both state-sponsored and criminal actors.
The incident was reported in several news roundups, highlighting its significance within the broader context of European cybersecurity threats. While attribution has not been established for this specific attack, previous campaigns against French government entities have been linked to Russian state-sponsored groups such as APT28. The breach underscores ongoing concerns about the vulnerability of critical government infrastructure to sophisticated cyber threats and the need for robust incident response and investigation procedures.
Timeline
Dec 15, 2025
French Interior Ministry publicly confirms cyberattack
On December 15, 2025, the cyberattack on the ministry's email servers was publicly confirmed in reporting. The incident was described as affecting a high-value government target responsible for police, internal security, and immigration functions.
Dec 12, 2025
Interior Ministry tightens security and opens investigation
After discovering the intrusion, the ministry strengthened security protocols and access controls and launched an investigation to determine the attack's origin and scope. Authorities said attribution remained undetermined, with possibilities including foreign interference, activist hackers, or cybercriminals.
Dec 12, 2025
French Interior Ministry detects breach of email servers
The French Ministry of the Interior detected a cyberattack overnight between December 11 and 12, 2025, affecting its email servers. Attackers gained access to some document files, indicating a compromise beyond email infrastructure alone.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Threat Actors
Sources
Related Stories
French Interior Ministry Email Server Breach and Potential Abuse
Hackers breached the email servers of the French Ministry of the Interior, as confirmed by Interior Minister Laurent Nunez. The attack, detected between December 11 and 12, allowed threat actors to access certain document files, though there is no current evidence of serious data compromise. In response, the ministry has tightened security measures and reinforced access controls for all agents, while an investigation is underway to determine the origin and scope of the breach. Authorities are considering various scenarios, including foreign interference, hacktivism, or cybercrime, and have not yet released technical details about the attack. Following the breach, there are indications that emails sent from the French Ministry of the Interior's domain were used to announce the reopening of BreachForums, a notorious cybercriminal marketplace. This suggests that the attackers may have leveraged their access to the ministry's email infrastructure for further malicious activity, potentially as part of a hacker honeypot or to lend credibility to their communications. The incident highlights the risks associated with compromised government email systems and the potential for such breaches to be exploited in broader cybercriminal operations.
1 months ago
Cyberattack on France’s ANTS portal may have exposed identity document user data
France’s Interior Ministry disclosed a cyberattack on the National Agency for Secure Documents (**ANTS**) portal, `ants.gouv.fr`, the government platform used to manage passport, national ID card, residence permit, and driver’s license applications. Detected on April 15, the incident may have exposed personal data tied to individual and professional accounts, including login identifiers, names, email addresses, dates of birth, and account IDs, with some records also potentially containing postal addresses, places of birth, and phone numbers. Officials said uploaded administrative documents were not compromised and that the exposed data cannot be used to directly access ANTS accounts. French authorities reported the breach to **CNIL**, notified prosecutors, and alerted the national cybersecurity agency as investigators work to determine the scope, origin, and impact of the intrusion. The number of affected users has not been disclosed, but impacted individuals are being notified and urged to watch for suspicious messages. Separately, an unverified threat actor has claimed to be selling a dataset allegedly stolen from ANTS containing roughly **18–19 million** records, heightening concerns over identity theft and fraud if the claim is confirmed.
2 days ago
French Education Breaches Expose Data on 1.7 Million People
French education authorities disclosed two significant breaches affecting both public and Catholic school administration systems. The Ministry of National Education said its `Compass` platform, used to manage trainee teachers in primary and secondary education, was compromised after a user reportedly opened a fraudulent email attachment and had credentials stolen. The incident exposed data on about **243,000 people**, including identity and contact details, absence periods, and the identities and professional phone numbers of tutors, though the ministry said no health data was involved. ANSSI was brought in, a crisis cell was opened, and the ministry announced a security plan centered on **multi-factor authentication**, stronger data segmentation, and reduced application exposure. Separately, the Secrétariat général de l’enseignement catholique reported a cyberattack on its management application for nursery and elementary schools that affected about **1.5 million people**. Unauthorized access exposed identification data for application users and contact information for students, families, and teachers, including names, postal and email addresses, phone numbers, and dates of birth, increasing the risk of phishing. The organization said it secured access, suspended affected services, notified authorities including the French Ministry of Education, and engaged specialist responders, while a forum user calling themselves **"Ryolait"** allegedly offered the stolen database for sale starting at **$2,000**. The incidents add to mounting concern over weak security in the education sector, which ANSSI has described as a frequent target of opportunistic attacks.
1 months ago