French government hack: Stormous posts information on darknet

A database published by the hacker group Stormous has appeared on a darknet forum. According to the statements, it contains email addresses and hashed passwords of employees of certain French government organizations. Although the authenticity of some of the information has been confirmed.

The attackers called the leak “completely compromising” “well-known French government institutions.” Potential victims include:

• French Development Agency (AFD)
• Regional Health Agency of Ile-de-France (ARS)
• Social Security Authority CAF
• French Audit Office
• Regional branches of Crédit Agricole bank

The leaked passwords are encrypted using the outdated MD5 algorithm, which is easily cracked. This allows attackers to access the credentials and use them for future attacks. The most likely scenario is phishing campaigns on behalf of official institutions.

Stormous is a veteran of ransomware groups, actively using the darknet to demonstrate its “achievements” and put pressure on victims.

Even if the data leak is not recent, there is a high risk of its use: the reuse of passwords, the trust in the email addresses of government institutions – all this poses serious threats. The Stormous attack is another example of the activation of cybercriminal groups operating against the public sector, and requires a rapid response from French cyber authorities.