A dataset containing emails and passwords allegedly tied to French government organizations has surfaced on a dark web forum operated by the Stormous ransomware group.
Hackers Claim Leak from High-Profile French Institutions
The Stormous ransomware cartel published what it called a “comprehensive leak” of data from several French government institutions. The post appeared on a dark web forum linked to the group and claimed to include credential information from multiple organizations.
An analysis by the Cybernews research team confirmed that the leaked material included some real data. However, the quality and relevance of the dataset remain uncertain.
Researchers noted that while the data appears to originate from legitimate French government domains, the passwords are hashed using the outdated MD5 algorithm, which is no longer considered secure.
“That said, this could also be an old dataset from a time when stronger security standards weren’t yet in place,” researchers explained.
The number of exposed email addresses varies by institution. In some cases, only a few emails were included. In others, attackers claim that hundreds of government email addresses were leaked.
The French Cybersecurity Agency (ANSSI) has been contacted for comment. No response has been received at the time of writing.
Stormous Activity and History
Stormous is considered one of the more persistent ransomware groups still active. First identified in 2022, the gang has claimed responsibility for several cyberattacks in Europe and beyond.
In 2023, the group claimed a breach of Duvel Moortgat, a well-known Belgian brewery. According to Cybernews’ Ransomlooker tracker, Stormous has targeted at least 34 organizations over the past 12 months.
This alleged breach follows other high-profile data exposures in France. Last year, a separate security incident involved a misconfigured instance that leaked 95 million records containing French citizens’ email addresses, phone numbers, and partial payment information.
