Security Experts:

Connect with us

Hi, what are you looking for?



France: Flame Malware Used in Attacks Against Government Officials, US Accused

State-sanctioned attackers broke into French government computers and illegally obtained top-secret information, according to an exclusive report in the French paper L’Express. The United States was behind the incident, the paper claimed.

State-sanctioned attackers broke into French government computers and illegally obtained top-secret information, according to an exclusive report in the French paper L’Express. The United States was behind the incident, the paper claimed.

Attackers used simple social engineering tactics to phish government officials working at the Élysée Palace for their login credentials, L’Express reported. The attackers used Facebook to identify people who worked at the presidential palace and connected with them on the social networking site. The victims considered the attackers as friends, making it even more likely that when the attackers sent an email invitation with a link to a Website, the victims would click on it. The fake site was a replica of the Élysée Palace site, and when prompted to enter the password, they did so, in “good faith,” according to L’Express.

Flame Malware in FranceWith login credentials in hand, the attackers were able to access the Élysée Palace network, and installed “spy software” which spread to other computers. The malware infected machines belonging to the “most influential advisers” in the French government, including Xavier Musca, the Secretary General, according to the report. The French president, Nicolas Sarkozy, was not infected because he didn’t have a networked Windows PC. The attackers then stole political and strategic data, L’Express said.

“We categorically refute allegations of unidentified sources,” Mitchell Moss, a spokesperson from the U.S. Embassy in Paris, told l’Express. “France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement and cyber defense. It has never been so good and remains essential to achieve our common fight against extremist threat.”

L’Express said the malware had the same features as Flame, the cyber-espionage tool discovered by Kaspersky Lab earlier this year.

The attack occurred in May, just before the second round of presidential elections in France. An unnamed official close to the investigation said the attack was likely related to France’s numerous political and economic agreements with foreign countries, including the Middle East. The attackers could have been trying to figure out how those agreements would be impacted if Sarkozy lost the election.

“You can be on good terms with a ‘friendly country’ and still wish to ensure its continued support, especially in a period of political transition,” an unnamed official told the magazine.

It took the French information security agency Anssi several days to clean and restore the network.

Department of Homeland Security secretary Janet Napolitano told L’Express in an interview that Flame and Stuxnet had “never been linked to the US government.”

Stuxnet is widely believed to have been developed by the United States and Israel to damage, and halt Iran’s nuclear program. However, anonymous government officials reportedly confirmed to the New York Times this summer that Stuxnet was part of a joint US-operation codenamed Operation Olympic Games.

Kaspersky Lab believes Flame is related to Stuxnet because the two pieces of malware share a code module. Despite being discovered earlier, Kaspersky researchers believe Stuxnet was developed after Flame.

“We have no greater partner than France, we have no greater ally than France. We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones,” Napolitano told L’Express.

Related: Connections Exist Between Cyber Weapons, But Secrets Remain

Related: Obama Ordered Use of Stuxnet Against Iran

Written By

Click to comment

Expert Insights

Related Content


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...


Cybersecurity firm Group-IB is raising the alarm on a newly identified advanced persistent threat (APT) actor targeting government and military organizations in Asia and...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...