FMAF A.I CyberSecurity Scoring
FMAF
Company Information
Website:http://www.defense.gouv.fr/
Employees number:1,121
Number of followers:0
NAICS:336414
Industry Type:Defense and Space Manufacturing
Homepage:gouv.fr
FMAF Risk Score (AI oriented)
Between 700 and 749
FMAFDefense and Space Manufacturing
Updated:
13/07/2026
13/07/2026
719/1000
Moderate
Ba
FMAF Global Score (TPRM)
xxxx
FMAFDefense and Space Manufacturing
Score locked

FMAFModerate
Current Score
719Ba (MODERATE)
01000
6 incidents
-27.75 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
719
JUNE 2026
791
Breach
07 Jun 2026 • FMAF
ANSSI, DINUM and French Tax Authority: French govt messaging service breached in account hijacking attack
French Government’s Secure Messaging Platform Tchap Breached via Compromised Account
719
CRITICAL-72
ANSFREDIR1781008517
French Government’s Secure Messaging Platform Tchap Breached via Compromised Account
The French government’s encrypted messaging platform, Tchap, was breached after hackers gained access using a hijacked user account. Developed by DINUM (the digital affairs directorate) in collaboration with ANSSI (France’s cybersecurity agency) in 2018, Tchap is a Matrix-based secure messaging tool exclusively for the French public sector, with over 300,000 monthly users and 500,000 Play Store downloads as of 2025.
The breach was detected by ANSSI on Sunday, prompting DINUM to disclose the incident on Monday. The attacker accessed the platform through a compromised account, potentially exposing personal data shared in conversations. DINUM has notified CNIL (France’s data protection authority) and warned users that public chat rooms are unencrypted and accessible to any user, advising against sharing sensitive information in them.
While the compromised account was immediately blocked, the investigation is ongoing to determine the extent of the breach. A threat actor later claimed responsibility, stating they gained access via social engineering on the education shard (matrix.agent.education.tchap.gouv.fr). The attacker alleged they exfiltrated:
- Hardcoded LDAP credentials from a PowerShell script shared by a French tax authority official.
- 13.5GB of documents and media files shared by public servants.
- Nearly 650,000 messages and metadata from 73,000+ accounts, including emails, organizational details, meeting links, and device information.
The attacker also claimed that all files shared on Tchap were downloadable without authentication, regardless of the shard hosting them. DINUM has not confirmed these details, and the incident remains under investigation.
This breach follows a recent cyberattack on ANTS (France’s national agency for secure documents), where a 15-year-old was detained last month for allegedly selling stolen data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Breach
07 Jun 2026 • FMAF
Interministerial Directorate for Digital Affairs, French Government, Ministry of Finance, Ministry of Interior, Ministry of Education and Ministry of Defense: Tchap Messenger Breach Exposes Data of 73,000+ French Government Employees
French Government’s Secure Messaging Platform Tchap Breached, 13.51 GB of Data Exfiltrated
719
CRITICAL-72
DIRIFIFRE1781260189
French Government’s Secure Messaging Platform Tchap Breached, 13.51 GB of Data Exfiltrated
A threat actor operating under the alias misere has claimed responsibility for compromising Tchap, the encrypted messaging platform used by the French government, allegedly stealing 13.51 GB of sensitive internal data. The breach, detected by France’s national cybersecurity agency (ANSSI) on June 7, 2026, targeted the platform’s education ministry shard (matrix.agent.education.tchap.gouv.fr) via a hijacked user account obtained through social engineering.
Developed by the Interministerial Directorate for Digital Affairs (DINUM) and built on the Matrix/Synapse open-source protocol, Tchap was mandated for all French public officials in September 2025 as a sovereign alternative to commercial apps like Signal and WhatsApp. With over 825,000 registered civil servants across ministries, the platform supports end-to-end encryption for private conversations but leaves public chat rooms unencrypted.
The attacker exploited Tchap’s non-shard-isolated user directory, allowing them to enumerate 73,467 government accounts across all ministries. From the compromised education ministry account, they scraped 643,459 messages from accessible rooms, 876 discussion channels, and 59,386 media files including 90 instances of "Diffusion Restreinte", France’s restricted government classification level. Exposed data also included internal Zoom and Webex meeting links, device metadata, and communications from key ministries, including Interior, Finance, Defense, Justice, and National Education.
DINUM confirmed that the breach exposed personal data such as full names, government email addresses, organizational affiliations, and profile avatars. While private messages remained encrypted, the incident highlighted a critical flaw: public rooms on Matrix-based platforms are accessible to any authenticated user, meaning a single compromised account could harvest vast amounts of sensitive data without exploiting software vulnerabilities.
Upon discovery, DINUM blocked the compromised account and launched an investigation with ANSSI. The agency also notified France’s data protection authority (CNIL) and issued a platform-wide alert to users, emphasizing the lack of encryption in public chat rooms. French officials have since maintained that the confidentiality of private messages was not compromised.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MAY 2026
799
Cyber Attack
15 May 2026 • FMAF
French government agencies: KGW News
Cyberattack Targets French Government Agencies via Compromised Software Update
790
CRITICAL-9
FRE1778920098
Cyberattack Targets French Government Agencies via Compromised Software Update
A sophisticated cyberattack recently disrupted multiple French government agencies after attackers exploited a compromised software update. The incident, detected in early June 2024, involved malicious actors infiltrating the supply chain of a widely used administrative software provider, leading to the deployment of malware across several public-sector systems.
The attack, attributed to an advanced persistent threat (APT) group with suspected ties to state-sponsored actors, leveraged a trojanized update to gain unauthorized access to sensitive networks. French cybersecurity authorities, including ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), responded by isolating affected systems and launching an investigation. While the full extent of the breach remains under assessment, initial reports indicate potential data exfiltration and operational disruptions.
The incident underscores the growing risk of supply chain attacks, where trusted software vendors become unwitting vectors for cyber espionage. French officials have not disclosed the specific agencies impacted but confirmed that critical infrastructure was not directly targeted. The attack follows a pattern of similar campaigns observed in Europe over the past year, highlighting the need for heightened vigilance in software integrity verification.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
799
MARCH 2026
827
Breach
13 Mar 2026 • FMAF
French Naval Group, Spanish Navy, Italian Navy, Ministry of the Armed Forces and Royal Netherlands Navy: Fitness App Security Breach Reveals French Aircraft Carrier Location
French Naval Group’s Location Exposed via Fitness App Data
798
CRITICAL-29
FREITASPANAV1774060009
French Naval Group’s Location Exposed via Fitness App Data in 2026
A security lapse involving a popular fitness app has revealed the precise location of France’s Charles de Gaulle aircraft carrier and its multinational naval group in the Eastern Mediterranean. According to a report by The Maritime Executive, a junior officer’s use of the app to log a run on the ship’s deck on March 13, 2026, exposed the group’s position approximately 100 kilometers off the Turkish coast near Cyprus through publicly accessible location data.
The carrier group, repositioned under orders from the French President, includes the Charles de Gaulle (equipped with 20 fighter jets, two early warning aircraft, and three helicopters), three French frigates, a replenishment ship, and frigates from Italy, Spain, and the Netherlands. A French rear admiral had disclosed the group’s composition earlier that day at the Ministry of the Armed Forces.
A French Navy spokesperson confirmed the app violated existing security protocols and stated that corrective measures would follow if the report was verified. This incident mirrors past breaches, including similar tracking of military personnel and bases since 2018, all linked to the same fitness app, which has 195 million users and defaults to public location sharing unless manually adjusted.
The report also highlights broader concerns over fitness apps with foreign ownership, particularly in the U.S., where another widely used app faced restrictions for government and military personnel amid national security risks.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
827
JANUARY 2026
827
DECEMBER 2025
827
Cyber Attack
11 Dec 2025 • FMAF
French Ministry of the Interior: France Arrests 22-Year-Old Suspect in Ministry of the Interior Cyberattack
French Interior Ministry Cyberattack
826
CRITICAL-1
FRE1766044507
French Authorities Arrest 22-Year-Old Suspect in Interior Ministry Cyberattack
French authorities have arrested a 22-year-old man in connection with a cyberattack on the country’s Interior Ministry, which compromised internal email systems and sensitive files. The suspect, born in 2003, was taken into custody on December 17, 2025, following an investigation led by the cybercrime unit of the Paris prosecutor’s office. He faces charges of unauthorized access to a state-run automated data processing system, an offense punishable by up to 10 years in prison.
The breach was detected between December 11 and 12, 2025, with attackers gaining access to document files, including criminal records. While French Interior Minister Laurent Nuñez confirmed the severity of the incident, he noted that the full extent of the compromise remains unclear, emphasizing that millions of records were not extracted—though he cautioned against underestimating the breach.
The suspect has a prior conviction in 2025 for similar cyber offenses, though authorities have not disclosed further details about his identity or past cases. The investigation, conducted by France’s Office for Combating Cybercrime (OFAC), suggests the attack may have been carried out as part of an organized group.
Following the breach, the Interior Ministry strengthened access controls and notified France’s data protection authority (CNIL). The attack’s origin remains undetermined, with possibilities ranging from foreign interference to cybercriminal activity or hacktivism.
Online claims of responsibility emerged on an underground forum, with a post referencing retaliation for the 2025 arrests of five BreachForums moderators, including figures linked to the ShinyHunters hacking group. However, authorities have not confirmed a direct connection between the suspect and these claims. The investigation is ongoing, with further updates expected after the suspect’s 48-hour police custody period.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
827
OCTOBER 2025
827
SEPTEMBER 2025
827
AUGUST 2025
827
JANUARY 2022
827
Cyber Attack
01 Jan 2022 • FMAF
Netherlands government, French rail infrastructure, German government, Slovakian government, Romanian government and Finnish government: EU, UK Hit Russia With Joint Cyber Sanctions
EU and UK Impose Sanctions on Russia Over Cyberattacks Targeting Europe
826
CRITICAL-1
GERMINGOVMOFMZVFRE1783946090
EU and UK Impose Sanctions on Russia Over Cyberattacks Targeting Europe
The European Union and the United Kingdom announced coordinated sanctions on Monday against Russia, holding Moscow’s FSB intelligence agency responsible for a series of cyberattacks across Europe. The measures target nine individuals and four entities by the EU, while the UK added 24 names to its sanctions list, imposing asset freezes and visa bans.
The sanctions mark the first joint cybersecurity action between the EU and UK, aimed at countering Russia’s efforts to disrupt European stability. Among those sanctioned are officers from Russia’s GRU military intelligence and cybercriminals allegedly collaborating with the state.
A recent failed cyberattack on Poland’s critical infrastructure, including its power grid, was linked to the FSB’s Centre 16 unit. UK officials warned the attack could have left 500,000 people without electricity during winter. France’s foreign minister confirmed that Russian cyber operations have targeted government ministries, companies, and key services, including rail infrastructure, with some groups claiming responsibility for disruptions ahead of the Paris 2024 Olympics.
The EU reported that France, Germany, Poland, Cyprus, the Netherlands, Austria, Slovakia, Romania, and Finland have been victims of these attacks over several years. Western intelligence agencies have long accused FSB’s Centre 16 of deploying malware for espionage and sabotage worldwide.
The sanctions build on existing measures against Russia following its 2022 invasion of Ukraine, reinforcing Western efforts to curb Moscow’s cyber aggression.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for FMAF ??
What was FMAF's A.I Rankiteo Cyber Score in June 2026 ??
What was FMAF's A.I Rankiteo Cyber Score in May 2026 ??
What was FMAF's A.I Rankiteo Cyber Score in April 2026 ??
What was FMAF's A.I Rankiteo Cyber Score in March 2026 ??
What was FMAF's A.I Rankiteo Cyber Score in February 2026 ??
What was FMAF's A.I Rankiteo Cyber Score in January 2026 ??
What was FMAF's A.I Rankiteo Cyber Score in December 2025 ??
What was FMAF's A.I Rankiteo Cyber Score in November 2025 ??
What was FMAF's A.I Rankiteo Cyber Score in October 2025 ??
What was FMAF's A.I Rankiteo Cyber Score in September 2025 ??
What was FMAF's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on FMAF's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with FMAF ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view FMAF's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?