Threats Affecting France
View all threats affecting or targeting France. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Affecting France
Click on any threat for detailed analysis and mitigation recommendations
Operation Poisson – Analyzing a Cybercriminal’s Entire Operation 0 A comprehensive analysis of 339 commands issued by a French-speaking threat actor nicknamed 'Poisson' over 33 days, targeting a French automotive small business and four French individuals. The attacker utilized a multi-stage fileless attack deploying a 70-line Python keylogger to harvest banking and email credentials. The operation leveraged free-tier infrastructure including Havoc C2 framework, Backblaze B2 storage, and DuckDNS. Most significantly, the attacker installed OpenSSH and Tailscale VPN on victim machines, creating persistent access that survived C2 server takedown. When the C2 went offline for 18 days, the attacker's access remained intact through the VPN mesh, demonstrating that VPN-mesh-based persistence is actively used in real-world intrusions and that traditional C2 takedown is insufficient for remediation. Join the discussion | AlienVault OTX General | 06/19/2026, 11:24:44 UTC Added: 06/19/2026, 11:36:46 UTC |
Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign 0 Cybercriminals orchestrated a sophisticated malvertising operation leveraging Google Ads to impersonate popular AI developer tools including Claude AI, ChatGPT Codex, Perplexity, Cursor IDE, and JetBrains. Over seven weeks spanning April to June 2026, attackers deployed 106 unique malicious hostnames across six distinct waves, initially hosting ClickFix social engineering pages on GitLab infrastructure before pivoting to weaponize claude.ai's legitimate shared chat feature. The campaign targeted technically proficient users searching for AI development tools, tricking them into executing terminal commands that deployed the MacSync infostealer. This credential-harvesting malware collected browser data, SSH keys, and cryptocurrency wallets. The Asia-Pacific region sustained the heaviest impact with 67.2% of over 2,000 victims, particularly concentrated in Taiwan. Anthropic responded by banning malicious accounts and implementing additional abuse mitigations. MediumMalware Join the discussion | AlienVault OTX General | 06/18/2026, 10:09:50 UTC Added: 06/18/2026, 20:20:24 UTC |
Over 73,000 French govt employees affected in Tchap messenger breach 0 The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...] Join the discussion | Bleeping Computer | 06/12/2026, 07:09:11 UTC Added: 06/12/2026, 07:15:08 UTC |
Kaspersky Security Blog | 05/29/2026, 13:02:47 UTC Added: 05/29/2026, 13:09:53 UTC | |
Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted 0 A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications. MediumCampaign Join the discussion | AlienVault OTX General | 05/27/2026, 20:22:10 UTC Added: 05/28/2026, 15:33:32 UTC |
Showing 1 to 5 of 5 results