The French postal service is still reeling after a DDoS attack on Monday took out its online services and disrupted deliveries.
The main website of La Poste was inaccessible at the time of writing on Wednesday morning, although its email service (laposte.net) and online storage (Digiposte) did appear to be working.
A social media post from the publicly owned company yesterday said La Banque Postale online and mobile app, laposte.fr , Digiposte, La Poste Digital Identity and the La Poste application were all “temporarily inaccessible” following a “major network incident disrupting all our information systems.”
It added: “For bank customers, online payments remain possible with SMS authentication. Cash withdrawals from ATMs, card payments at in-store POS terminals, and transfers via WERO are still available.”
Read more on DDoS attacks: DDoS Attack Volume and Magnitude Continues to Soar
Unusually for a DDoS attack, it seems to have had a significant impact on physical operations, with reports suggesting frustrated customers were being turned away from post offices in the French capital.
“In some post offices, service may be temporarily disrupted. However, it is still possible to carry out your banking and postal transactions at the counter,” La Poste claimed.
“Our teams are fully mobilized to restore the situation as quickly as possible and ensure a return to normal as soon as possible.”
The attack comes just comes days after threat actors stole data including police records from the French Interior Ministry.
Possible Nation State Involvement
Xcape’s John Carberry said the attack was “timed perfectly” to cause maximum disruption.
”By crippling parcel tracking, digital services and mobile banking simultaneously, the attackers effectively choked the financial and logistical arteries of millions during the year’s busiest period,” he added.
No threat groups has so far come forward to claim the attack.
“The lack of an immediate claim of responsibility hints at a state-sponsored or hacktivist ‘stress test’ of national resilience, rather than a straightforward financial motive. The impact on La Poste shows how cyber-attacks rarely stay isolated. Although backup systems kept some services operational, customer trust inevitably suffered just before the holidays,” Carberry continued.
“This attack, alongside other recent cyber-incidents in France, amplifies concerns about a coordinated campaign rather than isolated events. For organizations of this size, resilience planning must assume disruption is inevitable. Diversified infrastructure, pre-negotiated DDoS mitigation and obvious offline fallbacks are necessary for operators such as La Poste to continue conducting business when displays go dark.”
Image credit: Gautier Normand / ricochet64 / Shutterstock.com