French Government’s Secure Messaging Platform Tchap Breached via Compromised Account The French government’s encrypted messaging platform, Tchap, was breached after hackers gained access using a hijacked user account. Developed by DINUM (the digital affairs directorate) in collaboration with ANSSI (France’s cybersecurity agency) in 2018, Tchap is a Matrix-based secure messaging tool exclusively for the French public sector, with over 300,000 monthly users and 500,000 Play Store downloads as of 2025. The breach was detected by ANSSI on Sunday, prompting DINUM to disclose the incident on Monday. The attacker accessed the platform through a compromised account, potentially exposing personal data shared in conversations. DINUM has notified CNIL (France’s data protection authority) and warned users that public chat rooms are unencrypted and accessible to any user, advising against sharing sensitive information in them. While the compromised account was immediately blocked, the investigation is ongoing to determine the extent of the breach. A threat actor later claimed responsibility, stating they gained access via social engineering on the education shard (matrix.agent.education.tchap.gouv.fr). The attacker alleged they exfiltrated: - Hardcoded LDAP credentials from a PowerShell script shared by a French tax authority official. - 13.5GB of documents and media files shared by public servants. - Nearly 650,000 messages and metadata from 73,000+ accounts, including emails, organizational details, meeting links, and device information. The attacker also claimed that all files shared on Tchap were downloadable without authentication, regardless of the shard hosting them. DINUM has not confirmed these details, and the incident remains under investigation. This breach follows a recent cyberattack on ANTS (France’s national agency for secure documents), where a 15-year-old was detained last month for allegedly selling stolen data.

Ransomware Attacks in Europe Surge Between 2021 and 2023, ANSSI Data Reveals A recent report from France’s National Agency for the Security of Information Systems (ANSSI) highlights a sharp rise in significant ransomware attacks across Europe over a three-year period. Published on February 26, 2024, the data compiled by Statista tracks reported cases from 2021 to 2023, underscoring the growing threat landscape for organizations in the region. The findings reveal a steady increase in high-impact ransomware incidents, with attackers targeting critical infrastructure, businesses, and public institutions. While the exact figures remain undisclosed in the summary, the trend reflects broader global patterns of escalating cyber extortion, driven by sophisticated threat actors and evolving attack vectors. ANSSI’s data serves as a key reference for cybersecurity professionals, policymakers, and industry leaders assessing the scale of ransomware risks in Europe. The report’s insights contribute to ongoing efforts to strengthen defenses and mitigate the financial and operational disruptions caused by such attacks.