A sophisticated cyber-attack that aimed to destroy a TV network in France was the work of the same Russian hacking group that has targeted the Hillary Clinton campaign, according to intelligence sources who spoke to the BBC.
The online attack took place in early 2015, and focused on the TV5Monde network. It is believed by intelligence services to have been the work of a team known as APT28 or "Fancy bear," and is thought to be linked to the team that has leaked confidential emails from within the Democratic National Committee.
The group is also thought to be responsible for leaking confidential information about the drug test results of elite athletes after Russian athletes were accused of doping.
The attack on TV5Monde was unprecedented in a number of ways. Rather than simply take the TV network off the air, the group used software that could have permanently destroyed its ability to broadcast.
The attack was meticulously planned and organized. According to BBC security correspondent Gordon Correra, the hackers first penetrated the network’s computer system three months before their attack, and used numerous entry points to insert their software.
On the day of the attack, the complete destruction of TV5Monde was only narrowly avoided. A number of computer engineers were on duty in the building due to the launch of a new channel, so they were on hand when the hack was activated. One of them managed to disconnect a computer that was acting as a gateway for the attackers. According to one TV executive, the network was two hours away from complete destruction.
The attack was initially believed to be the work of a jihadi group affiliated with ISIS. A group calling itself the "cybercaliphate" claimed responsibility. Investigations by intelligence services have now revealed that this was misdirection, and that the hackers were in fact based in Russia.
According to Correra, for such a large-scale and comprehensive attack on a French TV network has puzzled intelligence services.
“They’ve struggled with [understanding] it, actually,” he says. “There were long debates within the US, the UK and the French intelligence community. And the result, at least in the UK, was that this was Russia testing its cyber weapons to see if they worked.”
If true, that may mean this is not the last time a broadcaster is targeted for destruction by Russian hackers.
The story you just read is not locked behind a paywall because listeners and readers like you generously support our nonprofit newsroom. If you’ve been thinking about making a donation, this is the best time to do it. Your support will get our fundraiser off to a solid start and help keep our newsroom on strong footing. If you believe in our work, will you give today? We need your help now more than ever!