France Arrests Suspect in Interior Ministry Cyberattack
▼ Summary
– French authorities arrested a 22-year-old suspect on December 17, 2025, for a cyberattack against the Ministry of the Interior earlier that month.
– The suspect is accused of unauthorized access to a state data system as part of an organized group, an offense carrying up to 10 years in prison.
– The attack, detected between December 11-12, 2025, compromised internal email servers and allowed access to document files, though data theft is unconfirmed.
– An administrator on the BreachForums hacking forum claimed responsibility, stating it was revenge for the 2025 arrests of five forum moderators and admins.
– The forum post claims the attackers stole data on over 16 million people, but French authorities have not confirmed this or a connection to the arrested suspect.
French authorities have apprehended a 22-year-old individual in connection with a significant cyber intrusion targeting the nation’s Ministry of the Interior. The arrest, made on December 17, 2025, stems from an investigation into the breach which compromised internal ministry systems. Prosecutors allege the suspect gained unauthorized access to a state-run automated personal data processing system as part of an organized group, a serious offense that can lead to a decade behind bars. The individual, born in 2003, is reportedly already known to law enforcement and was convicted earlier in the same year for similar cybercrimes.
The investigation is being handled by France’s specialized Office for Combating Cybercrime (OFAC). Officials stated a further update will be provided following the suspect’s police custody period, which can extend for up to 48 hours. This legal action comes just days after the government publicly acknowledged the security incident. Interior Minister Laurent Nuñez confirmed the attack was detected in the early hours of December 12, 2025, allowing intruders to reach certain document files. The ministry has not verified whether any information was actually exfiltrated during the event.
Minister Nuñez outlined the immediate response, noting that standard protective procedures were swiftly enacted. He also discussed the possible motives, stating the intrusion “could be foreign interference, it could be people who want to challenge the authorities and show that they are capable of accessing systems, and it could also be cybercrime.” In reaction to the breach, the ministry bolstered its security measures and reinforced access controls across its entire network infrastructure used by staff.
Coinciding with the announcement of this government breach, the well-known BreachForums hacking platform resurfaced online. An administrator on the forum publicly took credit for the attack in a post, framing it as an act of retaliation. The post asserted the compromise was executed “in revenge for our arrested friends,” likely referencing the 2025 arrests of five BreachForums moderators and administrators who operated under aliases like “ShinyHunters” and “IntelBroker.” It is important to note that the “ShinyHunters” alias in this context is not believed to be linked to the principal operator of the notorious extortion gang of the same name.
The forum administrator made expansive claims about the data allegedly stolen, stating the attackers accessed files containing information on over 16 million individuals from French police records. The post included an ultimatum, giving the government one week to engage in negotiations to prevent the public release of this data. To support their assertion, the individual shared three screenshots purporting to offer proof of their involvement in the breach.
At this time, French authorities have not confirmed any connection between the arrested suspect and the statements made on BreachForums. The veracity of the hackers’ claims regarding the scale of the data theft also remains officially unverified as the investigation continues.
(Source: Bleeping Computer)
