Special purpose hacking: hackers claimed theft of French military secrets
Hackers gained access to the data of the French Naval Group— Europe's largest shipbuilding company. Among other things, cybercriminals could have at their disposal the source codes of combat systems used on French frigates and nuclear submarines. Izvestia found out details about a cyberattack that could lead to one of the most serious data leaks in the history of France.
French hacking
Hackers gained access to the internal data of the French defense company Naval Group, which is engaged in the construction of warships. This was reported by the France3 TV channel. A hacker under the pseudonym Neferpitou leaked 13 gigabytes of information to the Network, including French nuclear secrets.
The data includes the source code of combat systems used on French frigates and nuclear submarines, software for weapons systems, simulation environments, network diagrams, and user manuals. The fact that the data was published online was confirmed by cybercrime expert Clement Domicke.
According to analysts, at the moment in France, nuclear weapons are deployed only on airplanes and submarines (and the so-called "nuclear triad" de facto does not exist). This means that the data leak could have been critical and compromised a significant part of the country's nuclear carriers. It called into question the sustainability of the IT circuits of the defense industry and caused alarm both in France and among its international partners.
The Naval Group said they were investigating the incident. "All our teams and all funds are currently mobilized to analyze and verify the authenticity of the origin and ownership of the relevant data as soon as possible. At the moment, no intrusions have been detected in our IT environment, and no consequences for our business have been reported," the defense company said.
However, according to media reports, French intelligence agencies have launched an investigation into a cyberattack that could lead to one of the most serious leaks of military data in the country's history.
Cases in history
There have already been cases in the world when hackers stole important military secrets. In 2020, cyber intruders obtained and encrypted the data of the creators of US nuclear weapons. The operators of the Maze cryptographer attacked two companies at once, acting as contractors for civilian and military aerospace structures in the United States.
The first of them turned out to be VT San Antonio Aerospace, one of the leading American companies engaged in the repair, maintenance and modernization of civil aircraft. The hackers claimed to have stolen 1.5 terabytes of various files, promising that they would be published if the company did not pay the ransom.
The second victim of cybercriminals was Westech, a company engaged in the supply and maintenance of critical components of the American LGM—30G Minuteman III intercontinental ballistic missiles with a nuclear charge. The attack led to the leak of some documentation. It is not known whether there was secret military information there, Security Affairs wrote.
In both cases, the attackers compromised the local networks of the affected companies, extracted various data from there, and then encrypted everything they could and demanded a ransom. Cyber experts called attacks on military contractors a threat to the whole world and noted that the affected companies themselves should bear responsibility for them.
— There are similar hacks, it's just that a small number are publicly known. The situation is changing: if intelligence used to work more and people got data at the risk of their lives by taking pictures on a spy camera with the help of a recruited agent, now it is possible to penetrate the system from thousands of kilometers away," said Ilya Kramnik, an employee of the IMEMO RAS Center for Strategic Planning Studies.
According to him, such attacks can have different purposes — technical espionage, which is actively developing in the world today, or resale to a third party. In this case, the target remains unknown.
France's nuclear weapons
France is the only country in the European Union with nuclear weapons. It has 64 intercontinental missiles with separable warheads (about 300 deployed charges) mounted on four submarines, as well as 60 tactical air-based charges. This puts the country in third place in the world after Russia, the United States and China in terms of the number of nuclear weapons.
According to the Bulletin of Atomic Scientists magazine, France's nuclear arsenal has remained stable in recent years, but the country has carried out large-scale upgrades to submarine-launched ballistic missiles, submarine-launched cruise missiles, aircraft, and the nuclear industrial complex. According to experts, almost all warheads are deployed or ready for deployment, with the exception of 80 decommissioned ones, which are being prepared for dismantling (including about 370 nuclear warheads in the country).
— France is one of the old nuclear powers, the official members of the nuclear club. Compared to Russia and the United States, its arsenal is not very large: several hundred charges. These are, in fact, strategic charges on submarine—launched ballistic missiles and non—strategic cruise missiles with nuclear "stuffing" carried by Rafale fighters," says Ilya Kramnik.
At the same time, he adds, France independently develops both nuclear charges and carriers for them, that is, it has a full cycle of developing appropriate weapons. However, the French media reports are not talking about weapons per se, but about the leak of data from Europe's largest shipbuilding company. The information is related, among other things, to nuclear submarines and nuclear weapons carriers.
— So hacking has an indirect relation to the weapon itself. It primarily concerns ships and submarines. But it is important to understand that France is a NATO country, and the scheme adopted in it for the use of ships and boats is close to those used by alliance partners. This allows the hackers and those behind them to gain additional insight into how, for example, British or American forces of this kind might operate. In other words, the damage extends not only to France, but also to the entire NATO bloc," concludes Ilya Kramnik.
The investigation will show
In the story of hacking in France, it is important to understand that in the original news, Finance3 refers to the Naval Group's statement, which states that the company was subjected to a reputational attack from "cyber-wishers." This means that it is premature to talk about the uniqueness of what happened, says the head of the incident investigation department at the Solar 4RAYS Center (Solar Group) Gennady Sazonov.
According to him, in order to assess the uniqueness of the incident, the fact of the attack must first be confirmed: for example, if a hacker shares part of the stolen data, information security experts, together with the owners of the data, will confirm their authenticity, and incident investigation specialists will publish a technical opinion (report) confirming or refuting the hacking.
In turn, Alexander Samsonov, a leading expert at the Security Code development and testing department, suggests that the hacking was unlikely to be aimed at studying secrets as such — since the data was publicly available, there are probably political motives. At the same time, in terms of the country's security, the damage can be significant, but not critical: it is unlikely that anyone will actually use the stolen information.
"However, hacking and publishing materials will undoubtedly cause a great public outcry, so the damage is likely to be political, financial and reputational," notes Alexander Samsonov.
It is difficult to imagine even the most ideological hacktivist who gained access to so much important information and simply leaked it all online, adds Sergey Polunin, head of the IT infrastructure solutions protection group at Gazinformservice. As a rule, after such high-profile hacks, if they are confirmed, companies take measures to prevent similar events in the future. However, earlier it often turned out that the merged data is not relevant or even fake, so it is worth waiting for the results of the official investigation, the specialist emphasizes.
Переведено сервисом «Яндекс Переводчик»
