France’s national cybersecurity agency, ANSSI, has disclosed a series of sophisticated cyberattacks linked to Chinese state-sponsored threat actors exploiting vulnerabilities in Ivanti products. According to The Record, the attackers used flaws in Ivanti Connect Secure and Ivanti Policy Secure to infiltrate multiple French organizations. ANSSI confirmed that exploitation started in early 2023 and persisted well into 2024.
These vulnerabilities, now patched, were leveraged to maintain deep access to internal networks across sectors such as defense, telecom, and research. The hackers employed a stealthy and persistent strategy, carefully avoiding detection while exfiltrating sensitive data. ANSSI emphasized that the threat actors used tailored malware and command-and-control (C2) infrastructure, making attribution and detection extremely difficult.
The campaign mirrors similar cyber-espionage efforts reported globally, with France being one of the latest Western nations to openly attribute such attacks to China. ANSSI’s technical report urged organizations using Ivanti products to conduct forensic analysis and bolster their defenses immediately.
Infosecurity Magazine Confirms State-Backed Attribution to China
Further corroborating the attribution to China, Infosecurity Magazine reported that ANSSI specifically linked the campaign to the Advanced Persistent Threat group APT31, commonly believed to operate on behalf of the Chinese government. The group is notorious for conducting long-term espionage operations against Western entities, targeting infrastructure and high-value intelligence.
The report notes that ANSSI’s findings align with international warnings about Ivanti vulnerabilities issued earlier this year. APT31 reportedly used obfuscated scripts and advanced evasion tactics, reflecting their growing sophistication in penetrating European cyberinfrastructure.
Infosecurity Magazine also points out the geopolitical implications, especially amid tense EU-China relations. The revelation strengthens calls within Europe to establish more unified and stringent cybersecurity protocols, including threat intelligence sharing and enhanced public-private partnerships to counteract nation-state cyber threats.
BreachForums Crackdown Signals France’s Wider Cybercrime Push
In a parallel development, France’s cybercrime brigade has achieved a significant breakthrough in dismantling dark web operations. As reported by CPO Magazine, French authorities arrested multiple individuals connected to the infamous BreachForums, a marketplace for stolen data and hacking tools.
This international law enforcement operation led to the arrest of administrators and key figures responsible for facilitating large-scale data breaches and illegal trade on the dark web. Authorities have also seized digital assets and backend infrastructure associated with the forum, potentially disrupting a major hub for cybercriminal collaboration.
The arrests are seen as part of France’s larger strategy to crack down not only on nation-state attacks but also on decentralized cybercrime networks. The BreachForums takedown marks a rare and successful blow against the anonymity of cybercriminals operating via encrypted channels.
Together with ANSSI’s revelations on Chinese espionage, the actions underscore France’s commitment to strengthening its cybersecurity posture and leading global efforts in combating both state-sponsored and organized cyber threats.
Sources:
The Record: https://therecord.media/france-anssi-report-ivanti-bugs-exploited
Infosecurity Magazine: https://www.infosecurity-magazine.com/news/chinese-hackers-france-ivanti/