This is a new cyberattack that could worry France but not only. The name of the victim company, Thalès, the French specialist in aerospace, defense and security, is resounding. This Monday, the Russian-speaking group of cybercriminals, Lockbit 3.0, claimed responsibility for a cyberattack against Thalès on Monday, October 31, in a communication on the darknet spotted by franceinfo.
“All available data will be released,” the cybercriminals write with a fearsome countdown to November 7. For the moment, they do not seem to ask, in their press release, for a ransom. On the other hand, they specify: “As far as customers are concerned, you can approach the competent organizations to consider taking legal action against this company (Thalès) which has largely neglected the rules of confidentiality. We are at your disposal to offer you the best of our abilities”.
A proposal and a threat taken seriously by the electronics giant. Contacted by our colleagues, the group “assures that its cybersecurity experts are currently investigating the claimed attack, in order to verify that data has indeed been stolen and, if so, identify them”. No complaints have been filed at this time.
Several attacks in France, already Thales in January
Last January, already, the same cybercriminals had been able to appropriate data from Thales. The group had apparently not given in to the ransom demand blackmail. Several hundred Zip files, the most recent dated January 1, 2022, had been exposed by the hackers. These were internal tools, including computer code, for developers of Space Ops solutions from Thales Alenia Space, the joint venture with Italian arms giant Leonardo dedicated to the space industry.
These 1,320 files were not available for very long. Contacted by Le Parisien, the Thales group specified that “most of the stolen files (…) hosted data with a low level of sensitivity and which is external to the main information systems of the group”. A meager loot from a badly secured server this time.
The Lockbit 3.0 gang and its teams are not at their first attempt in France. They have already claimed several victims, including the very striking attack on the Corbeil-Essonnes hospital on which the hackers demanded a ransom in exchange for the non-publication of the stolen data. In mainland France, these cybercriminals would also have stolen the data of La Poste Mobile customers in July or even from the town hall of Chaville (Hauts-de-Seine) a few days ago.
Each time, they make use of ransomware. This ransomware or “ransomware” in English corresponds to malicious software which comes to encrypt, to make completely unreadable, the data of a computer, a server or a network of a company or a local community. Computer hackers will first sell the victim their data decryption key, the key to accessing it again. But if the target refuses to pay, they activate a second lever: the threat of publishing the siphoned data or reselling it to the highest bidder.