Chinese operations are gaining strength against French interests

Les opérations d

Of the 17 operations conducted in 2021 by the National Security Agency for Information Systems (ANSSI), “14 involved espionage cases, nine of which appeared to be consistent with Chinese-origin operating methodsANSSI Director General Guillaume Poupard revealed last Wednesday during a Senate hearing. It guides the doubts we have”. The rise of China is very clearly depicted “extremely important cyber activity, perhaps more important in recent months than Russia. China Tried to Infiltrate Networks for Large-Scale Industrial Espionage”For his part, the Secretary General of Defense and National Security (SGDSN) Stéphane Bouillon said during the same hearing.

The espionage cases “show us that there is more than one origin in terms of attacks, but there is still a kind of epicenter that has been forming over the years,” Guillaume Poupard noted.

Computer espionage operations remain “The main target of attacks by foreign special services and their subcontractors”, explains the government. These operations target both institutions and private entities. This increase in cyber attacks can be explained in two ways. On the one hand, vulnerabilities are increasingly exploited, and new digital uses that are less well-developed, such as the cloud, are also exploited by cyber attackers. On the other hand, the capabilities of attackers, whose main intentions remain financial gain, espionage, destabilization and sabotage, are constantly increasing.

Very complex operations

espionage operations “these are very complex operations that involve a whole confusing ecosystem that mixes public and private actorsexplained Guillaume Poupard. We are dealing with attackers who have a very high level, much higher than criminals. Untangling the skein is sometimes extremely difficult. Thus, espionage constitutes 80% of the activities of the ANSS.. For the agency, logically, the operation, “this is a very serious thing because it involves a massive commitment of resources from the agency, our partners and private service providers”– emphasized the head of ANSI.

But, he regretted, “very often it is difficult for us to give an accurate assessment, even a confidential one. Finally, when you realize that a strategic-level adversary has possessed a sometimes sensitive information system for months, even years, the consequences can be quite dramatic.”

Luck can play a key role in detecting intrusions into information systems. “In the field of espionage, we have to admit from time to time that when we look at the way we detect certain attacks, there is nothing systematic or completely rational about it.confirms Guillaume Poupard. We get lucky sometimes, but luck is not a strategy. So I’m always concerned about anything that hasn’t been seen in terms of espionage or in terms of pre-positioning for military purposes.”.

And Russia?

As far as cyberattacks are concerned, the Russian military threat has so far bypassed France. It is aimed at destroying information systems. ANSSI’s priority is to monitor this threat, which can have dramatic national security implications, especially for critical infrastructure. “The first thing to note is that there has not been such an attack, even since the beginning of the Ukrainian crisis. However, Russia should not be underestimated in this regard. We saw this with SolarWinds in 2020.”, recalled Guillaume Poupard. In the case of SolarWinds, the worst cyber attack to hit the United States, the hackers targeted a US government supplier, in this case a software vendor. SolarWinds says 18,000 of its customers were affected, including 425 Fortune 500 companies.

Did ANSSI underestimate Russia’s capabilities? “We know the level of Russia, we know it from the fact that we have already observed the attempts of prepositions, very high things”, reminded the general director of ANSSI. However, as Stéphane Bouillon pointed out, “The most famous attribution is the blinding of the ViaSat satellite on the morning of the Russian offensive in Ukraine. This should have blinded communications on the battlefield, which also disabled the satellite’s modems in much of Europe.’. ANSSI remains very vigilant about possible destructive attacks against critical infrastructures.