The investigation into the cyberattack suffered by France’s TV5Monde television channel in April is now focusing on “a group of Russian hackers”, a judicial source told AFP on Tuesday.
The cyberattack was carried out by unknown persons claiming to represent the Islamic State group, who shut down transmissions and placed jihadist propaganda messages on the station’s website, and Facebook and Twitter accounts.
But confirming information first published by L’Express newspaper, the judicial source said “the investigations are at this stage looking towards a group of Russian hackers designated by the name APT28.”
In a report to be published on Wednesday, L’Express said APT28, also known as “Pawn Storm“, had previously tried to hack the White House and NATO members, as well as targeting Russian dissidents and Ukrainian activists.
A source involved in the case told AFP the investigators were narrowing the search by probing the IP addresses of computers used in the attack.
The TV5Monde station, which broadcasts worldwide, did not resume full operations for 18 hours after the hack on April 8, which authorities at the time said was likely a “terrorist act”.
The channel was forced to broadcast pre-recorded programs after what TV5Monde boss Yves Bigot described as a cyber-attack “unprecedented in the history of television.”
The hackers posted documents on TV5Monde’s Facebook page purporting to be the identity cards and CVs of relatives of French soldiers involved in anti-IS operations, along with threats against the troops.
“Soldiers of France, stay away from the Islamic State! You have the chance to save your families, take advantage of it,” read one message on the hacked Facebook page.
“The CyberCaliphate continues its cyberjihad against the enemies of Islamic State,” the message added.
Just hours before the attack, the Islamic State extremist group had published a video praising their “knights of the media” carrying out cyber-attacks and urged them to step up their efforts.