Anssi points the finger at the threat of Chinese espionage


The main threat that concerns Anssi remains espionage. It is a much less visible threat than classic cybercrime, but one that affects businesses and operators of vital importance to a much greater degree.

“While for-profit attacks have taken center stage in recent months, it is important to remember that espionage remains the main purpose pursued with destabilization attempts and computer sabotage actions”, underlines the agency.

China in the crosshairs

In its report “Overview of the cyber threat in 2021”, the agency places particular emphasis on activities related to the Chinese sphere, citing one statistic in particular: “in 2021, out of the 17 cyber defense operations handled by the Anssi, 14 were linked to computer espionage operations, involving for 9 of them reputable Chinese operating methods”.

In July 2021, Anssi had already sounded the alarm by publishing a report describing the activities of the APT31 group, which was then targeting France, in particular by attacking routers.

Although this report did not name China directly, the use of the acronym APT31 was already a first indication: the name is used by the American company Mandiant to designate “a group of cyber espionage in the pay of Beijing”, according to its own analysts.

A legal framework to facilitate espionage

In addition to the computer attack campaigns carried out by these groups, Anssi is also concerned about the “misappropriation of legal frameworks” aimed at facilitating espionage. The agency is thinking here of the numerous laws relating to cybersecurity approved by governments.

The American Cloud Act, which allows intelligence services to access data hosted by American companies, is often cited. But the agency’s report insists that the Americans are not alone in exploiting the legal framework to facilitate espionage: China recently adopted a comparable intelligence law.

Another method highlighted by the agency is the legal obligation to use certain tools. “Thus, certain versions of the GoldenTax software, imposed in China, have embedded a backdoor allowing stealth access to the information systems of several companies”, writes Anssi. By legally mandating the use of local software, governments secure an easy way to gain access to the computer systems of foreign companies established in the country.

Newcomers, new risks

While Chinese espionage has been a known threat for a long time, Anssi also notes that the emergence of the private sector in this field is leading to the arrival of new players who were not traditionally associated with this activity.

A glaring example: the Pegasus affair, named after the spyware marketed by the Israeli company NSO Group. Officially, this type of tool is reserved for the fight against terrorism or against organized crime, but “the latest revelations suggest a misuse of the use of these tools for purposes of strategic and political espionage against other targets”.

The agency is concerned about the development of such tools, and notes that the emergence of a private offer in this area allows new sponsors (state or not) to afford “the means to carry out computer attacks without having to develop their own abilities and skills”.

The hacked spy

NSO Group has made headlines over the past two years, but it is not the only company to offer this type of tool, and Anssi is also concerned about the risks associated with the hacking of these spyware publishers.

The report thus recalls the case of the hacking of the Italian company Hacking Team in 2015, which offered this type of spyware. But we could also cite the case of the hacking of the German company Gamma Group, which offered similar tools, a year earlier.

A risk to be taken into account for the years to come, according to Anssi: “the development and multiplication of this type of company also increases the risk that they themselves are the subject of computer attacks leading to disclosure of potentially sophisticated attack tools and their proliferation”.




