On December 6, 2024, the hacktivist alliance known as the “Holy League” launched coordinated cyberattacks against France, citing the nation’s support for Ukraine and Israel as motivation. The group comprises ideologically diverse factions, including the pro-Russian NoName057(16), the pro-Islamic Mr. Hamza, and the pro-Palestinian Anonymous Guys. These cyber campaigns coincided with France’s political crisis and the visit of U.S. President-elect Donald Trump, exploiting national instability to maximize impact.
Attack Details:
- Distributed Denial of Service (DDoS):
- Over 50 attacks targeted government and private entities between December 7–10, 2024.
- Key targets included French ministries, the Directorate-General for External Security (DGSE), and corporations such as AXA.
- Website Defacement:
- Pro-Russian group Z-Pentest defaced websites from various sectors, including energy, agriculture, and hospitality.
- Compromise of Critical Infrastructure:
- Unauthorized access claimed by Shadow Unit to SCADA systems at a nuclear power plant and water station.
- KozSec infiltrated sensitive industrial systems, sharing evidence of their breaches.
- Data Breaches:
- Exfiltration of over 100GB of data from French government websites and theft of internal documents from municipal platforms.
Implications:
This campaign underscores a disturbing collaboration between traditionally opposing ideological groups. By prioritizing shared geopolitical goals, hacktivists are aligning to destabilize common adversaries. The attacks demonstrate a significant threat to public infrastructure, national security, and international stability.
Recommendations:
- Strengthen defensive measures for critical infrastructure and government networks.
- Enhance monitoring of ideologically driven alliances.
- Proactively share threat intelligence to mitigate further cross-border cyberattacks.
For more details, visit Cyble’s official blog.