“Politics makes strange bedfellows” is an old saying that apparently applies to hacktivist groups too.
In recent days, Cyble threat intelligence researchers have observed pro-Russian and pro-Palestinian hacktivists uniting against France in retaliation for the country’s support of Ukraine and Israel.
Uniting under the banner the “Holy League,” the groups declared cyberwar against France amid a no-confidence vote in Parliament against Prime Minister Michel Barnier and a visit by U.S. President-elect Donald Trump.
The Holy League alliance is also noteworthy because it comes amid the ouster of Russian-backed Syrian President Bashar-al-Assad, a revolution supported by pro-Islamic groups. “This alliance highlights a pragmatic convergence of interests, where shared objectives in destabilizing common adversaries outweigh ideological differences,” Cyble noted.
“This political turmoil has created a vulnerable environment, providing hacktivist groups with an opportunity to sow chaos, disrupt public order by disrupting public and critical infrastructure, and amplify uncertainty within the nation,” Cyble wrote.
The Holy League discovery closely follows Cyble’s detection of a new threat campaign against Russian organizations waged by the pro-Ukraine hacktivist group “Head Mare.”
The Hacktivists Uniting Against France
Cyble Research & Intelligence Labs (CRIL) researchers said the hacktivist alliance known as the “Holy League” declared cyberwar on France on Dec. 6 on their Telegram channel.
The announcement was echoed by prominent members of the alliance, such as the pro-Russian group NoName057(16), the pro-Islamic threat group Mr. Hamza, and the pro-Palestinian collective Anonymous Guys, and coordinated attacks followed, “demonstrating a unified effort among ideologically diverse threat actors to target French assets,” Cyble said.
Between Dec. 7 and Dec. 10, Cyble said the hacktivist groups “executed DDoS attacks, compromised Industrial Control Systems (ICS), conducted website defacements, and claimed data breaches of several French entities.”
Holy League Launches DDoS Attacks, Breaches, Defacements
Cyble documented 10 groups involved in the attacks against France, which included DDoS attacks, data breaches and website defacement.
NoName057(16) and the People’s Cyber Army primarily focused on the official websites of French cities and private organizations, including French financial giant AXA.
Mr. Hamza targeted high-value government targets, including the Ministry of Foreign Affairs, the French Directorate-General for External Security (DGSE), the French National Nuclear Energy Commission (CEA), and the French National Cybersecurity Agency (ANSSI).
Anonymous Guys targeted ministries and governmental departments, such as the Ministry of Armed Forces, the Ministry of Agriculture and Food, and the Ministry of Solidarity and Health.
In all, Cyble observed more than 50 DDoS attacks against French websites over the four days.
The pro-Russian group Z-Pentest, meanwhile, conducted defacement attacks against smaller enterprises spanning Energy and Utilities, Agriculture and Livestock, the Automotive sector, and Hospitality, defacing websites with pro-Russian statements.
Also read: New Russian Threat Group Z-Pentest Targets Energy System Controls
Four Holy League members – Hunt3rKill3rs, Shadow Unit, EvilNet and KozSec – claimed breaches of several systems in France.
Shadow Unit, a pro-Islamic hacktivist group, claimed breaches of the SCADA systems of Corus Nuclear Power Plant and the French Marne Aval station.
Shadow Unit and UserSec claimed separate breaches of the urban planning site plubioclimatique.paris.fr, exfiltrating more than 50 PDF documents and 100GB of data from French Government websites.
Campaign Signals ‘A New Era of Cyber Conflict’
Cyble said the cyberattacks “underscore a new, broader geopolitical landscape where hacktivist alliances can sow and exploit discord for their objectives. The collaboration between ideologically diverse groups, such as pro-Islamic and pro-Russian hacktivists, signals a shift in how adversaries may align their interests against common targets.
“The implications extend beyond France, as similar threats loom over other nations, signaling a new era of cyber conflict where common adversaries may overshadow ideological differences.”
