The common information system of the French Ministries of Economy and Finance has been the victim of a large-scale cyber-espionage attack.
As frequently observed in other cases, the attack was initiated via spear phishing e-mails, which enclosed a file infected with a malicious code not yet referenced in anti-virus databases. Opening the file enabled a Trojan to install itself on the users’ computers and turn them into entry points to the network for the attackers. The latter have then been able to further infiltrate the information system through these entry points, and forward orders to exfiltrate selected data before covering their tracks.
The level of technical expertise required to conduct this attack reveals that the attackers were organized, determined professionals. Their goal was presumably to gather financial and economic information on France, especially in connection with the G20.
No private individuals’ personal data were compromised as the targeted computers were only dealing with political and financial issues.
A major operation aiming to reinforce the information system’s security was conducted during the week-end of March 5-6, 2011 by ANSSI, the French network and information security agency, in collaboration with the IT teams of the Ministries of Economy and Finance.
