Cybersecurity in #space: how Thales is facing the challenges to come
On 18 October 2022, a backbone link carrying Internet traffic from the north to the south of France was physically cut near the town of Aix-en-Provence. According to the elements of the investigation reported by the police, this was an act of vandalism in which the criminals only had to lift a protective cover. After gaining access to the cables, the criminals cut them, destroying the backbone segment coming from Lyon, which links the submarine cables in the Atlantic to the submarine cables that run from the Mediterranean to the Indian and Pacific Oceans. For the time being, no drop in internet throughput has been reported by Interxion, the region's data centre operator, which claims that the sabotage had no internet-wide consequences. The information was first made public on 20 October by Zscaler, a US company that provides secure cloud access platforms. According to network tests carried out by this company following the incident, the outage would affect Internet delivery via the submarine cables that leave the port of Marseille to serve Africa, the Middle East and Asia. Indeed, the tests suggest that some parts of the network are experiencing packet loss. Although the actual impact is minor, Zscaler warns that this could cause latency in users' internet requests. After testing, Zscaler also suggests possible degradation on two other backbone links, the one from Madrid that serves as a relay for other cables crossing the Atlantic and the one to Milan that serves South East Europe, although this has not yet been confirmed by investigators. At the same time, several incidents have been confused in the media, as further cable damage has been reported in Great Britain: a link between the Shetland Islands and Scotland was severed on 20 October, completely cutting off the islands' telecommunications links.
Although these incidents occurred at the same time, at the moment there is every reason to believe that they are completely uncorrelated. The cable cuts have therefore had only a minor impact on the French telecoms network and its intercontinental dependencies, as the data rate has not decreased and the cables are being replaced. However, this is not an isolated incident, as cables of the same type were also vandalised earlier, in May 2020, in the Paris region. As a result, a massive blackout affected the Ile-de-France region. Free and Orange were among those affected, but so was Scaleway (Iliad), whose boss explained that at least four operators in all had been affected by the outage. Extremist anti-5G activists have been suspected of acts of vandalism since 2019, and it has been assumed that some of these acts of destruction could be their doing. More organised and simultaneous sabotage could have consequences close to those of the Shetland incident. However, such an operation requires a certain professionalism, site reconnaissance and a thorough knowledge of the French wired telecommunications network. These skills are rarely within the reach of ordinary vandals or activists, and no private contractor seeking retribution for payment problems would risk such large-scale attacks.
On 8 October, the computer systems of three hospitals in Barcelona were disabled as a result of a ransomware attack. As of 10 October, the system was reportedly still inoperative. The information systems of all departments of the Consorci Sanitari Integral (CSI), which includes several health centres, nursing homes and hospitals, were affected. The attack is said to be "serious" and to have hampered the functioning of the health centres. Staff were unable to access personal data and illness histories, or perform tests on devices running on the system. The group behind the attack has not yet claimed responsibility. From the feedback on the consequences of the attack, it would appear that the impact is severe and that all the resources of the different hospitals are in a degraded mode, reducing their capacity to admit patients quickly. The health of patients in the Madrid region is therefore possibly at risk.
Italy's state-owned energy services firm GSE said on Monday its gas purchases were guaranteed despite a hacking attack on its IT systems that happened overnight. The company added its website and portals were temporarily suspended to secure data. GSE has been buying gas to boost Italy's stockpiles and help fill the country's gas storage system to at least 90% of capacity by year-end.
Both Atos and Eolas suffered cyber attacks over the weekend of 9-11 September. Eolas reportedly announced that it had suffered an "intrusion". On Sunday 11 September, the company said that the incident had been resolved and that all its services were operational again. However, according to MagIT, some of its sources, users of a virtual private server, said they had problems with the computer systems and had not heard from the Eolas teams since Saturday morning at 11am. Orange services have not made any further announcements on this subject. Atos had part of its outsourcing platform affected by a cyber attack. According to MagIT, this is what the Agence du Numérique en Santé (Digital Health Agency) indicated on its website on the morning of Friday 9 September, before the announcement was deleted after a few hours. The publication stated that "victim of a cyber attack on its systems, the publisher Atos has taken security measures by temporarily interrupting certain web services".
Hacktivists or the Ukrainian state, with possible support from "Langley" (CIA), cyber-attacked Moscow University during a master's degree programme in hybrid warfare. The university's security teams claimed that it was apparent that part of the attack originated in Washington and part in Kiev. According to these claims, some US authorities wanted to disrupt the university's hybrid warfare programme.
According to Valery Marchive, managing editor of "MAG-IT", an attack on the Belgian-based Casa Shop on August 8 was claimed by the cybercriminal group AvosLocker. Neither the amount of the ransom nor the nature of the data has been communicated; however, it seems that no customer data has been stolen.
A phishing campaign is currently targeting Poland, with attackers posing as "binzes.gov.pl.", a public service for entrepreneurs. The email typically contains: "The notification will be available on your authorised account until 09-17-2022 and if you do not read it within the specified period, appropriate consequences will be triggered (...)". A copy of the notification mentioned in the fake email is included as an attachment, but it is a fake document which is actually a malicious web script. When it is opened, the computer is infected.
On the morning of 6 September, the pro-Ukraine hacktivist group "IT Army of Ukraine" claimed to have attacked the website of the bank "Gazprombank". The bank, wholly owned by Gazprom, is the third largest bank in Russia in terms of assets and investments. The website was still inaccessible on 6 September at 4pm.
Eni, too, after GSE, reports that it was attacked at the IT level, but with minor damage, unlike GSE, which is still down. Various experts suspect an attack from Russia, at a time when energy plays a critical geopolitical role.
According to officials at the Swedish website val.se, the site faced serious technical problems as a result of DDoS cyber attacks from 10 to 11 September. The head of the authority's secretariat said on 11 September: "There have been three DDoS attacks against val.se, one yesterday and two today. The most recent one is still ongoing." During the elections, the Swedish regional governments also reportedly experienced problems with their telecommunication facilities, but this did not disrupt the elections or their outcome.