Only days after a major cyber attack caused problems for package tracing in France during the busy Christmas period, La Poste, which is also operating as La Banque Postale as its banking subsidiary, was facing another day of extreme difficulties due to service failures, which emphasize increasing worries regarding resilient infrastructure.
In keeping with an announcement issued by the group through their website, the new cyber attack unfolded at about 3:30 a.m. on Thursday, and several online services were affected. As of 8:00 a.m., the French postal service company, La Poste, confirmed to Agence France-Press agency that the availability of laposte.fr and the online platforms for La Banque Postale remained “very unstable, due to the new cyber attack.”
Apart from package tracking, which most of the customers, estimated to be in millions, rely on on a daily basis, the outage made Digiposte’s secure electronic vault unavailable. Customers of La Banque Postale could not confirm their online payments through the mobile banking application, which, for a time, had to resort to SMS confirmation methods.
Although payments made via the terminal and withdrawals via ATMs remained unaffected, it is clear that digital verification systems are vulnerable during a crisis.
La Poste said it had mobilized its technical teams to restore services “as quickly as possible” and reaffirmed that no data leak had been identified. Yet, a repetition of such incidents in less than a week invites questions over the robustness of the group’s cybersecurity posture and capacity for crisis response.
A second blow after an “unprecedented” Christmas disruption
The fresh assault comes after what La Poste itself labeled an “unprecedented in scale” cyber attack, which began Monday, December 22, at the peak of the Christmas shopping and delivery season. The earlier attack had hindered the way people accessed various critical services for close to five days, especially the online tracking service of packages, though postal services and the delivery of letters and packets remained operational.
French authorities confirmed later that the cyber-attack in December was a denial-of-service attack (DDoS), in which massive amounts of data were directed at servers in order to make the services unavailable to their users. Though data breaches need not happen in denial-of-service attacks, it has been reported that such kind of attack could be highly effective in harming public trust in the system and freezing the online activities of the organization for several days.
The length of the December attack had been more than typical for a DDoS, which usually lasts for several hours, not days. The hacker group known as NoName057(16) claimed responsibility. It’s a pro-Kremlin group notorious for DDoS attacks on Ukraine and countries perceived as Ukraine’s allies since Russia’s full-scale invasion of Ukraine in February 2022.
French prosecutors confirmed that the investigation has been launched and entrusted to the General Directorate for Internal Security and the National Cyber Unit. NoName057(16) previously claimed responsibility for cyber operations targeting French government websites, transport services, and regional authorities – often presenting its actions as part of revenge after France’s diplomatic and military support for Kyiv.
Part of a wider pattern of hybrid threats
The fact that La Poste has been targeted several times makes this incident a part of a wider European trend of cyberattacks on the civilian sector, such as the postal system, healthcare facilities, energy firms, among others.
As quoted by France’s National Agency for the Security of Information Systems, “Cybersecurity incidents involving the public sector have significantly increased since the beginning of 2022. DDoS attacks continue to be a popular choice” for cyber attackers, owing to the fact that DDoS attacks are inexpensive and provide high visibility.
Although La Poste has been quick to point out that there were no personal financial details breached in these credential phishing attacks, cybersecurity experts point out that service derailments can be highly destructive in terms of their long-term impact on the economy and society even if sensitive information has not been stolen. La Poste handles more than 20 billion items each year. It presently has millions of banking customers.
Critics say the repetition of such attacks raises uncomfortable questions about whether the real lessons from December were truly understood and whether sufficient contingency measures were in place to prevent a repeat of such an attack. The timing, once more at a time of heightened consumer reliance upon digital services, has also raised some question over preparedness planning for such periods of peak demand.
Accountability and unanswered questions
La Poste has filed a formal complaint, reiterating that denial-of-service attacks do not equate to system intrusions. But security specialists say that makes little difference to users who have been unable to access vital services for days on end. And with investigations continuing and the group refusing immediate further comment, both La Poste and French authorities are under growing pressure to prove critical national services are resilient against sustained cyber pressure.
While France presses on with its leadership role in European cybersecurity and digital sovereignty, the continued disruption of one of the most critical public service-providing entities in this country underscores the divergence between strategic ambition and resilience in the face of persistent hybrid threats.
