Paris, April 29, 2025 — The French government has officially blamed Russian military intelligence for a major cyber-attack on Emmanuel Macron’s 2017 presidential campaign, as well as a series of cyberattacks on French infrastructure, media, and organizations linked to the Paris 2024 Olympic Games.
According to a statement released by the French foreign ministry, the advanced persistent threat group known as APT28, also called Fancy Bear, carried out these attacks under the direction of Russia’s GRU (Main Intelligence Directorate).
Macron Campaign Hacked in 2017
Just hours before the second round of the 2017 French presidential election, a large trove of internal emails and documents from Macron’s campaign were leaked online. The dump occurred after the legal deadline for campaigning had ended, raising suspicions of election interference.
Although some of the documents were reportedly forged, the French foreign ministry stated that the attack “failed to have any real impact on the electoral process.” Macron went on to defeat far-right candidate Marine Le Pen in the final vote.
Ongoing Cyber Threats to France Since 2021
The ministry revealed that since 2021, Russia’s GRU has targeted over a dozen French entities in critical sectors including defense, finance, public services, and media. Among the victims was TV5Monde, which suffered a major attack in 2015, falsely claimed by Islamic State actors but later attributed to Russian operatives aiming to manipulate public opinion and incite fear.
Additionally, a sports organization involved in the 2024 Olympic and Paralympic Games was also reportedly compromised as part of the broader campaign to disrupt French interests.
France Condemns Use of APT28 by Russia
Jean-Noël Barrot, the French Minister for Digital Affairs, shared a video online highlighting these findings and condemned the repeated use of APT28 by Russian military intelligence.
APT28, known globally for its involvement in the 2016 US presidential election hack targeting Hillary Clinton’s campaign, has continued operations in France, Ukraine, North America, and across Europe, according to a report from ANSSI (France’s Cybersecurity Agency).
The report emphasized that the group typically infiltrates personal email accounts and internal systems to steal sensitive data and facilitate further intrusions.
International Cybersecurity Warnings and Response
In September 2024, intelligence agencies from NATO members, including Germany, issued warnings about Fancy Bear’s active operations against western nations.
France, in coordination with its allies, vows to strengthen its cyber defenses. The foreign ministry affirmed:
“France condemns in the strongest terms the use by Russia’s military intelligence service of the APT28 attack group… France is determined to use all available means to anticipate, deter, and respond to Russia’s malicious cyber behavior.”