Breach Discovery and Initial Response
The French government’s official encrypted messaging platform, Tchap, was breached after attackers compromised a legitimate user’s account. The breach was detected by the French cybersecurity agency ANSSI, which alerted DINUM, the digital affairs directorate that developed and manages Tchap. The platform, built on the Matrix protocol and used exclusively by French civil servants, now serves over 300,000 monthly active users. DINUM immediately blocked the compromised account and launched an investigation to determine the scope of the attacker’s access.
Impact and Scope of the Attack
A threat actor claimed responsibility over the weekend and shared samples of stolen data. They said they gained access through a social engineering attack targeting an account on the education segment of Tchap. The actor claims to have obtained hardcoded LDAP credentials that appeared in a PowerShell script shared by a French tax authority official. They also claimed to have accessed over 13.5GB of documents and media files, scraped nearly 650,000 messages, and collected metadata from more than 73,000 accounts, including email addresses and device information. The attackers also said that any file previously shared on Tchap could be downloaded without authentication. DINUM has notified the French data protection authority CNIL and warned users that public chat rooms are not encrypted and should not be used for sensitive exchanges.
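The hardcoded LDAP credentials mentioned above are the kind of secret that a pre-share check on scripts is meant to catch. The following is an added example, not code from the original report or from DINUM: a small Python scanner that flags common PowerShell patterns for embedded credentials (plaintext `ConvertTo-SecureString`, a three-argument `DirectoryEntry` bind, password-like variables assigned string literals, LDAP URLs) and masks the quoted values in its own output so the findings report does not itself leak the secret. The sample script, hostname, account name and password are constructed for the example.

```python
import re

# Constructed sample of a PowerShell script with embedded directory credentials
# (illustrative only; the server name, user and password are invented).
SAMPLE_SCRIPT = r'''
# Sync users from the directory
$ldapServer = "LDAP://dc01.example.invalid"
$bindUser   = "svc-sync"
$bindPass   = "P@ssw0rd-example"
$entry = New-Object System.DirectoryServices.DirectoryEntry($ldapServer, $bindUser, $bindPass)
$sec = ConvertTo-SecureString "AnotherSecret1!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("svc-sync", $sec)
Get-ChildItem C:\temp
'''

# Each rule is (finding name, compiled regex). Rules are deliberately simple and
# line-oriented; they are a pre-share check, not a full PowerShell parser.
PATTERNS = [
    ("plaintext-secure-string",
     re.compile(r'ConvertTo-SecureString\s+["\'][^"\']+["\']\s+-AsPlainText', re.I)),
    ("directoryentry-bind-password",
     re.compile(r'DirectoryEntry\s*\(\s*[^,]+,\s*[^,]+,\s*[^)]+\)', re.I)),
    ("password-variable-literal",
     re.compile(r'\$\w*(pass|pwd|secret)\w*\s*=\s*["\'][^"\']+["\']', re.I)),
    ("ldap-url",
     re.compile(r'LDAP://[^\s"\']+', re.I)),
]


def redact(line):
    """Mask quoted string values (3+ chars) so the report never echoes a secret."""
    return re.sub(r'(["\'])([^"\']{3,})\1', r'\1***\1', line)


def scan_script(text):
    """Return a list of (line number, finding name, redacted line) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS:
            if pattern.search(line):
                findings.append((lineno, name, redact(line)))
    return findings


def has_embedded_credentials(text):
    """True if any rule other than the bare LDAP URL hint fires."""
    return any(name != "ldap-url" for _, name, _ in scan_script(text))


if __name__ == "__main__":
    for lineno, name, line in scan_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: {name}: {line.strip()}")
    print("block share:", has_embedded_credentials(SAMPLE_SCRIPT))
```

Run it as a pre-commit or pre-upload hook over any script before it is pasted into a chat room or repository; the `ldap-url` rule is only a hint that a directory bind is nearby, while the other three are the ones that should block the share.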
Source: BleepingComputer
