Chinese spies are exploiting routers to try hacking French targets, cyber agency says

It's part of a blitz of foreign governments calling out Beijing-sponsored hackers.
This photograph taken on September 18, 2019, shows the logo of the French national cybersecurity agency Agence Nationale de la securite des systemes d'information(ANSSI) taken at ANSSI headquarters in Paris. (Photo by ERIC PIERMONT / AFP / Getty Images)

France’s national cybersecurity agency said on Wednesday that it is contending with a massive campaign by Chinese state-backed hackers targeting French organizations through compromised routers.

The Agence nationale de la sécurité des systèmes d’information (French National Agency for the Security of Information Systems), or ANSSI, released forensic information to help French entities to recognize if they had been compromised. The alert did not specify which industries or specific organizations were targets.

ANSSI said the APT31 group, sometimes known as Zirconium or Judgment Panda, carried out the reconnaissance. The group’s prior targets include Finland’s parliament, according to a June allegation from the Finnish Security and Intelligence Service, and the presidential campaign of then-contender Joe Biden in 2020, according to Google’s Threat Analysis Group.

APT31’s effort in France is “a large intrusion campaign of compromise” that is “still ongoing,” according to an English version of the ANSSI alert.


France’s attribution of Chinese hacking joins a recent parade of foreign governments leveling cyber malfeasance charges at Beijing, which has routinely denied wrongdoing. Most prominently, the U.S. and its allies this week declared Chinese state-backed hackers responsible for the Microsoft Exchange Server hack that paved the way to ransomware attacks on tens thousands of organizations. The broadside included a technical report about what federal agencies said was aggressive Chinese targeting of U.S. intellectual property.

The U.S. this week also revisited a series of intrusions at pipeline companies between 2011 and 2013 to attribute the attacks to China.

Ben Koehl, principal analyst at Microsoft’s Threat Intelligence Center, tweeted that the alleged espionage tactics in France offered the attackers considerable flexibility.

ANSSI this year earlier also pointed the finger at Russia’s Sandworm, another reputed government-backed hacking outfit, over the breach of French web hosting and IT firms.

Tim Starks

Written by Tim Starks

Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he's covered cybersecurity since 2003. Email Tim here:

Latest Podcasts