FOL 23 Faces Ransomware Breach by APT73 Cybercriminals

Incident Date: Jan 17, 2025

Attack Overview

VICTIM: Fédération Oeuvres Laïques Creuse
INDUSTRY: Education
LOCATION: France
ATTACKER: APT73
FIRST REPORTED: January 17, 2025

Ransomware Attack on Fédération Oeuvres Laïques Creuse: A Closer Look

The Fédération Oeuvres Laïques Creuse (FOL 23), a prominent organization in the Creuse region of France, has recently fallen victim to a ransomware attack allegedly orchestrated by the group known as APT73. This incident underscores the vulnerabilities faced by educational and community-focused organizations in the current cybersecurity landscape.

About FOL 23

FOL 23 is a multifaceted association dedicated to promoting education, sports, civic engagement, cultural events, and leisure activities. With an annual revenue of approximately $20.8 million, the organization plays a significant role in enhancing social engagement and community development in the Creuse region. As part of the broader "Ligue de l'enseignement" network, FOL 23 is committed to advancing secular education and social initiatives. Despite its moderate size, the organization is a key player in its sector, making it an attractive target for cybercriminals.

Details of the Attack

The ransomware group APT73 has claimed responsibility for the attack on FOL 23, asserting that they have exfiltrated sensitive data from the organization. The attackers have released screenshots to substantiate their claims, indicating a breach of the organization's systems. The attack was first reported on January 20, 2025, and the extent of the data leak remains unclear. This incident could potentially disrupt FOL 23's ability to serve the local community effectively.

APT73: A New Threat in the Cybersecurity Landscape

APT73 is a relatively new ransomware group that emerged in late April 2024. The group distinguishes itself by adopting an "APT" designation, typically associated with advanced persistent threats, to project a sophisticated image. Its operational model closely mirrors that of the notorious LockBit group, employing similar tactics such as double extortion. Despite signs of amateurism, such as the lack of active mirrors on its data leak site, APT73 has quickly targeted multiple victims across various sectors, including education and healthcare.
