The devastating “jihadist” cyber-attack which crippled a French television station in April may actually have been the work of sophisticated hackers with links to the Kremlin, French authorities believe.
The invasion of the computers of TV5Monde was claimed by “CyberCaliphate” on behalf of Isis.
French judicial sources said that the “the investigations are at this stage looking towards a group of Russian hackers designated by the name APT28.”
The group, also nick-named “Pawn Storm”, has previously tried to hack into the computers of the White House and those of several Nato governments. It has targeted Russian dissidents and pro-Ukrainian activists.
US authorities suggest that this pattern of activities, and the sophistication of the attacks, implies – without proving – a link with the Russian government.
The attack on TV5Monde, an international Francophone network, knocked the station’s 12 channels off the air for 18 hours on 8 April. An unknown group called CyberCaliphate replaced broadcasts with a black screen and broadcast jihadist propaganda messages on the station’s website and Facebook and Twitter accounts. At the time, the French government spoke of a “terrorist attack”. TV5Monde, which reaches homes in 200 countries, was forced to broadcast old programmes. Its president, Yves Bigot, said that the cyber-assault was “unprecedented in the history of television”.
An investigation by the French news magazine L’Express has claimed French authorities now believed that the attack came through Brazil but originated in Russia. This was confimed by judicial sources talking to the French news agency, Agence France Presse.
L’Express said it had obtained a copy of a confidential report by the French governmnet’s cyber-security agency, L’Agence nationale de la sécurité des systèmes d’information (ANSSI).
The agency’s 15 investigators found that the hackers had painstaking prepared their ground by gradually penetrating the furthest reaches of TV5Monde’s computer systems from January.
Although sent through computer addresses in Brazil, American cyber-security experts told L’Express that the codes used by the group were typed on a keyboard which corresponded with the Russian Cyrillic alphabet and always during office hours in Moscow.
Relations between France and Russia have taken a sharp downward turn since President François Hollande’s decision last year to cancel the delivery of two large warships to Russia as part of western sanctions against Moscow.Reuse content