The disruption lasted several hours. The shipping company Corsica Ferries was the victim of a cyber-attack on Friday around noon. A maintenance message was then displayed on the reservation access tab, alerting customers of a temporary interruption of the computer servers. The site was restored to normal operation on Saturday afternoon.
In the meantime, ANSSI, the national agency for the security of information systems, has taken charge of the case. According to information from France 3, no leak of data, customer files or the company is to be deplored. Only the booking site would have been affected.
Behind the cyber-attack could be a collective of pro-Russian hackers: NoName057 (16). The group claimed responsibility for the attack on its Telegram channel on 19 October. A method sometimes used by web hackers, which consists of intruding into the company's IT perimeter several days or weeks before the attack. Five other shipping companies (Color Line, Stena Lina, P&O Ferries, Irish Ferries and Tallink Grupp) were also targeted, cybersecurity firm FalconFeeds confirmed.
NoName hackers group targets multiple websites.
-Color Line -Stena Line 🇳🇴
-P&O Ferries -Corsica Ferries -Irish Ferries 🇬🇧
-Tallink Grupp 🇪🇪 #Norway #Sweden #UK #France #Ireland #Estonia #ddos #cyberattack #cti #threatintel pic.twitter.com/kTZvyGX0af
— FalconFeeds.io (@FalconFeedsio) October 19, 2023
Reading the hacker group's Telegram feed reveals political motivations, as many European transport operators have been targeted in recent weeks. By claiming responsibility for the October 19 attack, the collective justifies its action: "To remind the Russophobic authorities of Europe once again of the consequences of supplying weapons to Kiev, we went to bomb the sites of European ferry crossings."
NoName057 (16) made headlines in March 2022, claiming responsibility for cyberattacks on Ukrainian, American and European websites. In France, the collective attacked the public website of the National Assembly, that of the Senate and various sites linked to the RATP.
Read alsoWhy a group of Russian-speaking hackers is parasitizing RATP's internal sites
"NoName is part of an ecosystem of pro-Russian volunteers who seek to help the Kremlin destabilize the West with cyberattacks that are not complicated to carry out and whose benefit/risk ratio is interesting," Charles Ponsard, threat analyst at Orange Cyberdefense, explained in our columns last June. "They have the technical opportunity by targeting sites with low volumes of visits and therefore easy to saturate," said Nicolas Arpagian, a cyber risk specialist at Headmind Partners.