The Rise of Edge Device Hacking: A Challenge for French Firms

A recent report from the French National Agency for Information Systems Security (ANSSI) highlights a significant increase in cyberattacks targeting French organizations, in connection with the country’s hosting of the Olympics. The uptick required substantial intervention from the state’s cybersecurity agency, which focused in particular on vulnerabilities in network edge devices.
According to ANSSI, the agency managed over 4,300 cybersecurity incidents in 2024, marking a 15% rise compared to the previous year. This surge is largely attributed to the Paris Summer Olympics, which proceeded without disruption despite multiple attempts by cybercriminals to compromise the event. The attacks included distributed denial-of-service attacks linked to pro-Russian and pro-Palestinian hacktivists, as well as ransomware incidents that ultimately did not hinder Olympic activities. Additionally, there were indicators of a Chinese cyber espionage campaign targeting critical systems.
French businesses were not exempt from this wave of attacks, which appeared to be predominantly orchestrated by state-sponsored actors aiming at edge devices. In one documented incident, attackers exploited a vulnerability in Palo Alto firewalls, identified as CVE-2024-3400, to penetrate a telecommunications company and initiate a ransomware attack. ANSSI’s reporting revealed that numerous vulnerabilities in edge devices, particularly in Ivanti gateways, were targeted. The agency reported frequent exploitation of zero-day vulnerabilities, including those tied to devices from Fortinet and Check Point.
Notably, one attack mimicked strategies employed by a Chinese state-sponsored threat group, designated as UNC5174 by Google Mandiant, and utilized zero-day exploits within Ivanti’s Cloud Service Appliance. The agency detailed a troubling landscape for French telecommunications, where numerous espionage-focused attacks were directed against key operators. In recent years, anomalies have surfaced, including a compromised core network of a mobile telecom operator and extended intrusions into the communications infrastructure of satellite operators.
Cyber adversaries have adopted sophisticated methods to obfuscate their true origins, employing operational relay box networks (ORBs) to obscure their activities. ANSSI noted that these networks complicate cybersecurity defenses, as legitimate devices are often used to mask malicious traffic, leading to increased costs for organizations attempting to safeguard their systems.
The agency’s report illustrates the diverse range of tactics employed by cyber adversaries, aligning with the MITRE ATT&CK framework. Techniques such as initial access through exploiting vulnerabilities, persistence through unauthorized connections, and privilege escalation have been identified as potential strategies in these recent attacks. As the threat landscape evolves, organizations must remain vigilant and proactive in fortifying their defenses against such intricate cyber threats.